credential; if (! $credential instanceof ProviderCredential) { throw new RuntimeException('Provider credentials are missing.'); } if ($credential->type !== 'client_secret') { throw new RuntimeException('Unsupported provider credential type.'); } $payload = $credential->payload; if (! is_array($payload)) { throw new RuntimeException('Provider credential payload is invalid.'); } $clientId = trim((string) ($payload['client_id'] ?? '')); $clientSecret = trim((string) ($payload['client_secret'] ?? '')); if ($clientId === '' || $clientSecret === '') { throw new RuntimeException('Provider credential payload is missing required keys.'); } $tenantId = $payload['tenant_id'] ?? null; if (is_string($tenantId) && $tenantId !== '' && $tenantId !== $connection->entra_tenant_id) { throw new InvalidArgumentException('Provider credential tenant_id does not match the connection entra_tenant_id.'); } return [ 'client_id' => $clientId, 'client_secret' => $clientSecret, ]; } public function upsertClientSecretCredential( ProviderConnection $connection, string $clientId, string $clientSecret, ): ProviderCredential { $clientId = trim($clientId); $clientSecret = trim($clientSecret); if ($clientId === '' || $clientSecret === '') { throw new InvalidArgumentException('client_id and client_secret are required.'); } return ProviderCredential::query()->updateOrCreate( [ 'provider_connection_id' => $connection->getKey(), ], [ 'type' => 'client_secret', 'payload' => [ 'client_id' => $clientId, 'client_secret' => $clientSecret, ], ], ); } }