If `equals()` returns false, the user will be forced to authenticate again. What exactly you check is up to you, because it differs from one application to another. As a rule, you need to compare everything that can change in relation to the user and that affects the security of your application.
For example, if you use an email address and password for authentication in the application, you need to compare them. On the contrary, comparing the first and last name fields does not make sense, since they do not affect anything related to authentication in your application - unless, of course, the authentication of your application is somehow based on them.
If you support different roles in your application (for example, an administrator and a regular user) and your application provides a way to assign and reassign these roles to users, you also need to compare the roles. If you want to demote a user from administrator to regular user, you want the change to take effect as soon as possible, on the next request from that user, without explicitly asking the user to log out and log in again. If you do not compare roles in this case, the user will remain an administrator until her session expires.
Checking the identifier does not make sense if your application does not allow user identifiers to be changed, and they are used for authentication in your application. And I wouldn't check the salt either, because if it changed, that also means the password changed, so it's enough to check only the password.
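The comparison described in this answer, written out as an added example that is not part of the original post. It assumes the answer refers to the user-refresh comparison in Symfony (`UserInterface::equals()` in Symfony 2.0, `EquatableInterface::isEqualTo()` in later versions); to run stand-alone, the class below does not implement the Symfony interfaces, and the `User` class, its fields and the sample values are constructed for illustration. The method body is what you would put in your own `equals()`/`isEqualTo()`.

```php
<?php
// Added example: a user class whose isEqualTo() follows the rules from the answer.
// Fields compared: login identifier (email), password hash, roles.
// Fields deliberately ignored: salt, first name, last name.
final class User
{
    public function __construct(
        private string $email,      // used to log in, so it is security-relevant
        private string $password,   // stored password hash
        private string $salt,       // not compared: a new salt implies a new hash
        private array  $roles,      // e.g. ['ROLE_ADMIN', 'ROLE_USER']
        private string $firstName,  // cosmetic only
        private string $lastName,   // cosmetic only
    ) {}

    // Returns true if the session user still matches the freshly loaded user.
    // Returning false forces re-authentication on the next request.
    public function isEqualTo(User $other): bool
    {
        // Login identifier: if it changed, the session must not survive.
        if ($this->email !== $other->email) {
            return false;
        }

        // Password hash: hash_equals() is a constant-time string comparison,
        // which avoids leaking hash prefixes through timing differences.
        if (!hash_equals($this->password, $other->password)) {
            return false;
        }

        // Roles: compare as sets, so ordering does not matter but a revoked or
        // added role takes effect on the next request (the demotion case).
        $mine   = $this->roles;
        $theirs = $other->roles;
        sort($mine);
        sort($theirs);
        if ($mine !== $theirs) {
            return false;
        }

        // Salt, first name and last name are intentionally not compared.
        return true;
    }
}

// Constructed sample: the user object stored in the session at login time.
$session = new User('alice@example.com', '$2y$10$hashA', 'saltA',
                    ['ROLE_ADMIN', 'ROLE_USER'], 'Alice', 'Smith');

// 1. Only the display name changed (and roles are in a different order):
//    nothing security-relevant differs, so the session stays valid.
$renamed = new User('alice@example.com', '$2y$10$hashA', 'saltA',
                    ['ROLE_USER', 'ROLE_ADMIN'], 'Alicia', 'Smith');
echo 'renamed:  ', $session->isEqualTo($renamed) ? 'keep session' : 're-authenticate', PHP_EOL;

// 2. Administrator role revoked: must take effect immediately.
$demoted = new User('alice@example.com', '$2y$10$hashA', 'saltA',
                    ['ROLE_USER'], 'Alice', 'Smith');
echo 'demoted:  ', $session->isEqualTo($demoted) ? 'keep session' : 're-authenticate', PHP_EOL;

// 3. Password reset (new hash, and therefore a new salt): the password check
//    alone catches it, so the salt never needs to be compared.
$reset = new User('alice@example.com', '$2y$10$hashB', 'saltB',
                  ['ROLE_ADMIN', 'ROLE_USER'], 'Alice', 'Smith');
echo 'reset:    ', $session->isEqualTo($reset) ? 'keep session' : 're-authenticate', PHP_EOL;
```

Run it with `php example.php`: the renamed user keeps the session, while the demoted user and the user with a reset password are forced to authenticate again. The role comparison sorts both arrays first so that a reordering of the same roles (case 1) is not mistaken for a change, while a genuinely revoked role (case 2) is caught on the very next request.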