diff --git a/README.md b/README.md index 2006e75..a48656f 100644 --- a/README.md +++ b/README.md @@ -113,14 +113,14 @@ This method should typically be called in the `boot` method of your `AppServiceP ```php use Anikeen\Id\AnikeenId; -use Anikeen\Id\Providers\AnikeenIdSsoUserProvider; +use Anikeen\Id\Providers\AnikeenIdUserProvider; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; public function boot(): void { Auth::provider('anikeen', function ($app, array $config) { - return new AnikeenIdSsoUserProvider( + return new AnikeenIdUserProvider( $app->make(AnikeenId::class), $app->make(Request::class), $config['model'], diff --git a/README.stub b/README.stub index ebb5f59..db68d40 100644 --- a/README.stub +++ b/README.stub @@ -113,14 +113,14 @@ This method should typically be called in the `boot` method of your `AppServiceP ```php use Anikeen\Id\AnikeenId; -use Anikeen\Id\Providers\AnikeenIdSsoUserProvider; +use Anikeen\Id\Providers\AnikeenIdUserProvider; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; public function boot(): void { Auth::provider('anikeen', function ($app, array $config) { - return new AnikeenIdSsoUserProvider( + return new AnikeenIdUserProvider( $app->make(AnikeenId::class), $app->make(Request::class), $config['model'], diff --git a/src/Id/Providers/AnikeenIdSsoUserProvider.php b/src/Id/Providers/AnikeenIdSsoUserProvider.php deleted file mode 100644 index b4fe5e0..0000000 --- a/src/Id/Providers/AnikeenIdSsoUserProvider.php +++ /dev/null 
@@ -1,113 +0,0 @@
-accessTokenField = AnikeenId::getAccessTokenField();
- }
-
- public function retrieveById(mixed $identifier): ?Authenticatable
- {
- $model = $this->createModel();
- $token = $this->request->bearerToken();
-
- $user = $this->newModelQuery($model)
- ->where($model->getAuthIdentifierName(), $identifier)
- ->first();
-
- // Return user when found
- if ($user) {
- // Update access token when updated
- if ($this->accessTokenField) {
- $user[$this->accessTokenField] = $token;
-
- if ($user->isDirty()) {
- $user->save();
- }
- }
-
- return $user;
- }
-
- // Create new user
- $this->anikeenId->setToken($token);
- $result = $this->anikeenId->getAuthedUser();
-
- if (!$result->success()) {
- return null;
- }
-
- $attributes = Arr::only((array)$result->data(), $this->fields);
- $attributes[$model->getAuthIdentifierName()] = $result->data->id;
-
- if ($this->accessTokenField) {
- $attributes[$this->accessTokenField] = $token;
- }
-
- return $this->newModelQuery($model)->create($attributes);
- }
-
- /**
- * Create a new instance of the model.
- */
- public function createModel(): Model
- {
- $class = '\\' . ltrim($this->model, '\\');
-
- return new $class;
- }
-
- /**
- * Get a new query builder for the model instance.
- */
- protected function newModelQuery(?Model $model = null): Builder
- {
- return is_null($model)
- ? $this->createModel()->newQuery()
- : $model->newQuery();
- }
-
- public function retrieveByToken($identifier, $token)
- {
- return null;
- }
-
- public function updateRememberToken(Authenticatable $user, $token)
- {
- // void
- }
-
- public function retrieveByCredentials(array $credentials)
- {
- return null;
- }
-
- public function validateCredentials(Authenticatable $user, array $credentials): bool
- {
- return false;
- }
-
- public function rehashPasswordIfRequired(Authenticatable $user, #[\SensitiveParameter] array $credentials, bool $force = false)
- {
- // TODO: Implement rehashPasswordIfRequired() method.
- }
-}
diff --git a/src/Id/Providers/AnikeenIdUserProvider.php b/src/Id/Providers/AnikeenIdUserProvider.php
new file mode 100644
index 0000000..956f01f
--- /dev/null
+++ b/src/Id/Providers/AnikeenIdUserProvider.php
@@ -0,0 +1,124 @@
+accessTokenField = AnikeenId::getAccessTokenField();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public function retrieveByToken($identifier, $token): ?Authenticatable
+ {
+ // Token from request (if not already pass from $token):
+ $token = $token ?: $this->request->bearerToken();
+ if (! $token) {
+ return null;
+ }
+
+ // Set token in SSO client and request user info
+ $this->anikeenId->setToken($token);
+ $result = $this->anikeenId->getAuthedUser();
+ if (! $result->success()) {
+ return null;
+ }
+
+ // Only the desired fields
+ $data = Arr::only((array)$result->data(), $this->fields);
+ // Primary key (e.g. $user->id)
+ $pk = $this->createModel()->getAuthIdentifierName();
+ $data[$pk] = $result->data->id;
+
+ // Fill in access token field, if available
+ if ($this->accessTokenField) {
+ $data[$this->accessTokenField] = $token;
+ }
+
+ // Local eloquent model: either find or create a new one
+ /** @var Model $modelInstance */
+ $modelInstance = $this->newModelQuery()
+ ->firstOrNew([$pk => $data[$pk]]);
+
+ $modelInstance->fill($data);
+ $modelInstance->save();
+
+ return $modelInstance;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public function updateRememberToken(Authenticatable $user, $token): void
+ {
+ // no-op
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public function retrieveByCredentials(array $credentials): ?Authenticatable
+ {
+ return null;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public function validateCredentials(Authenticatable $user, array $credentials): bool
+ {
+ return true;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public function retrieveById($identifier): ?Authenticatable
+ {
+ return $this->newModelQuery()
+ ->where($this->createModel()->getAuthIdentifierName(), $identifier)
+ ->first();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public function rehashPasswordIfRequired(Authenticatable $user, #[\SensitiveParameter] array $credentials, bool $force = false): void
+ {
+ // no-op
+ }
+
+ /**
+ * @return Model
+ */
+ protected function createModel(): Model
+ {
+ $class = '\\' . ltrim($this->model, '\\');
+ return new $class;
+ }
+
+ /**
+ * @return Builder
+ */
+ protected function newModelQuery(): Builder
+ {
+ return $this->createModel()->newQuery();
+ }
+}
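Review bot: `validateCredentials()` now returns `true` for any user and any credentials, where the deleted AnikeenIdSsoUserProvider returned `false`; since this provider never checks a password, the method should fail closed with `return false;`. `retrieveByCredentials()` returning null probably keeps the stock attempt flow from reaching it, but any caller that invokes `validateCredentials()` on an already-loaded user (a password-confirmation step, for example) would accept whatever is submitted. Separately, `retrieveByToken()` ignores `$identifier`: the user the SSO returns for the token is saved and returned without comparing `$result->data->id` to the requested id, so if a guard passes an identifier here, a check such as `if ($identifier !== null && (string) $result->data->id !== (string) $identifier) { return null; }` before the `firstOrNew` call would keep the two in agreement. The top of the file (imports, class header, constructor) is not visible on this page, so this is based on the methods shown.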