douwei8672 2016-11-17 14:52
Accepted

Symfony 3 custom user provider using Bcrypt

In reading https://symfony.com/doc/current/security/custom_provider.html#create-a-user-class/, all of the examples that I've seen implement the Symfony\Component\Security\Core\User\UserInterface for the User class. This interface defines a method for a salt field - but I'm wanting to use Bcrypt for the hashing algorithm.

In my app/config/security.yml file I have:

encoders:
    AppBundle\Security\User\WebserviceUser:
        algorithm: bcrypt
        cost: 12

The linked document says:

If getSalt() returns nothing, then the submitted password is simply encoded using the algorithm you specify in security.yml. If a salt is specified, then the following value is created and then hashed ...

Does this imply that if I specify for Bcrypt to be used, then I don't need a salt field in the users DB table (since the salt is in the same string as the rest of the password when hashed with Bcrypt)?

If that is the case then I'm guessing that I could just leave the getSalt() method with an empty body so that no salt would be specified and the algorithm in security.yml would be used.

Are my above assumptions correct? If they are not, how can I implement a user provider with bcrypt being used to hash passwords?

I'm using Symfony 3.1.6

1 answer

  • doulachan8217 2016-11-17 15:06

    As stated in Creating your First User:

    Do you need to use a Salt property?

    If you use bcrypt, no. Otherwise, yes. All passwords must be hashed with a salt, but bcrypt does this internally. Since this tutorial does use bcrypt, the getSalt() method in User can just return null (it's not used). If you use a different algorithm, you'll need to uncomment the salt lines in the User entity and add a persisted salt property.

    If you want to use Bcrypt, just return null in the getSalt() method.
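
The point made in the answer, that a bcrypt string already carries its own salt, shown as an added example (not code from the original post, the Symfony documentation or Symfony itself). It calls PHP's native password_hash()/password_verify() directly instead of going through Symfony's encoder; the user name, the password and the splitBcryptHash() helper are constructed for illustration.

```php
<?php
// Added example: stand-alone sketch, not Symfony's or the poster's code.
// In the application this class would implement
// Symfony\Component\Security\Core\User\UserInterface.
class WebserviceUser
{
    private $username;
    private $password; // full bcrypt string; the only credential column needed
    private $roles;

    public function __construct($username, $password, array $roles)
    {
        $this->username = $username;
        $this->password = $password;
        $this->roles = $roles;
    }

    public function getUsername() { return $this->username; }
    public function getPassword() { return $this->password; }
    public function getRoles() { return $this->roles; }
    public function getSalt() { return null; } // bcrypt keeps the salt inside the hash
    public function eraseCredentials() {}
}

// Hypothetical helper: split "$2y$12$<22-char salt><31-char digest>" into its parts.
function splitBcryptHash($hash)
{
    $pattern = '~^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (!preg_match($pattern, $hash, $m)) {
        throw new InvalidArgumentException('Not a bcrypt hash');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Constructed sample data: the same password hashed twice at the page's cost of 12.
$first  = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 12]);
$second = password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 12]);
$user   = new WebserviceUser('alice', $first, ['ROLE_USER']);

// The cost and the per-hash random salt are readable from the stored string itself.
$parts = splitBcryptHash($user->getPassword());
printf("cost=%d salt=%s\n", $parts['cost'], $parts['salt']);

var_dump($first !== $second);                                     // fresh salt on every hash
var_dump(password_verify('correct horse', $user->getPassword())); // salt is read from the hash
var_dump(password_verify('wrong guess', $user->getPassword()));   // wrong password is rejected
var_dump($user->getSalt());                                       // nothing stored separately
```

Because verification reads the salt from the stored string, the users table needs a single password column of at least 60 characters and no salt column.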
