WordPress at a glance
filter is not described

authenticate filter-hook . WP 2.8.0

Filters whether a set of user login credentials are valid.

A WP_User object is returned if the credentials authenticate a user. WP_Error or null otherwise.

Usage

add_filter( 'authenticate', 'filter_function_name_899', 10, 3 );
function filter_function_name_899( $user, $username, $password ){
	// filter...

	return $user;
}
$user(null/WP_User/WP_Error)
WP_User if the user is authenticated. WP_Error or null otherwise.
$username(string)
Username or email address.
$password(string)
User password

Changelog

Since 2.8.0 Introduced.
Since 4.5.0 $username now accepts an email address.

Where the hook is called

wp_authenticate()
authenticate
wp-includes/pluggable.php 549
$user = apply_filters( 'authenticate', null, $username, $password );

Where in WP core the hook is used WordPress

wp-includes/pluggable.php 436
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
wp-includes/pluggable.php 437
add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
wp-includes/pluggable.php 438
add_filter( 'authenticate', 'wp_authenticate_application_password', 20, 3 );
wp-includes/pluggable.php 439
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
wp-includes/pluggable.php 93
add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 );