David Kimura PRO said over 3 years ago on Authentication from Scratch :
The authenticate method is an alias for some meta programming that's going on in the module that is included by has_secure_password.

https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/InstanceMethodsOnActivation.html

  define_method("authenticate_#{attribute}") do |unencrypted_password|
    attribute_digest = public_send("#{attribute}_digest")
    BCrypt::Password.new(attribute_digest).is_password?(unencrypted_password) && self
  end

  alias_method :authenticate, :authenticate_password if attribute == :password

So, it basically just calls BCrypt to check with the method is_password? if they are a match.