diff --git a/security/guard_authentication.rst b/security/guard_authentication.rst
index 945d9deccc8..edbd6f122ee 100644
--- a/security/guard_authentication.rst
+++ b/security/guard_authentication.rst
@@ -168,7 +168,7 @@ This requires you to implement several methods::
             // The "username" in this case is the apiToken, see the key `property`
             // of `your_db_provider` in `security.yaml`.
             // If this returns a user, checkCredentials() is called next:
-            return $userProvider->loadUserByUsername($apiToken);
+            return $userProvider->loadUserByUsername($credentials);
         }
 
         public function checkCredentials($credentials, UserInterface $user)