tenant_id !== (int) $tenant->getKey()) { throw new InvalidArgumentException('Provider connection does not belong to the tenant.'); } $clientId = trim((string) ($tenant->app_client_id ?? '')); $clientSecret = trim((string) ($tenant->app_client_secret ?? '')); if ($clientId === '' || $clientSecret === '') { return [ 'migrated' => false, 'message' => 'No legacy tenant credentials found to migrate.', ]; } $existing = $connection->credential; if ($existing instanceof ProviderCredential) { if ($existing->type !== 'client_secret') { throw new RuntimeException('Provider connection has unsupported credential type.'); } $payload = $existing->payload; $existingClientId = trim((string) Arr::get(is_array($payload) ? $payload : [], 'client_id')); $existingClientSecret = trim((string) Arr::get(is_array($payload) ? $payload : [], 'client_secret')); if ($existingClientId !== '' && $existingClientSecret !== '') { return [ 'migrated' => false, 'message' => 'Provider credentials already exist for this connection.', ]; } } $this->credentials->upsertClientSecretCredential( connection: $connection, clientId: $clientId, clientSecret: $clientSecret, ); return [ 'migrated' => true, 'message' => 'Legacy tenant credentials migrated to the provider connection.', ]; } }