@oddz Thanks for your reply.
What I’m thinking is, if the Service class has no validation or any checking of $credentials
parameter, then when it’s packed as a library somebody can misuse it by sending credentials without username
. What do you think?