TenantAtlas/app/Services/Providers/ProviderIdentityResolution.php

<?php

namespace App\Services\Providers;

use App\Support\Providers\ProviderConnectionType;
use App\Support\Providers\ProviderReasonCodes;
use Illuminate\Support\Str;
use RuntimeException;

final class ProviderIdentityResolution
{
    private function __construct(
        public readonly bool $resolved,
        public readonly ProviderConnectionType $connectionType,
        public readonly string $tenantContext,
        public readonly ?string $effectiveClientId,
        public readonly string $credentialSource,
        public readonly ?string $clientSecret,
        public readonly ?string $authorityTenant,
        public readonly ?string $redirectUri,
        public readonly ?string $reasonCode,
        public readonly ?string $message,
    ) {}

    public static function resolved(
        ProviderConnectionType $connectionType,
        string $tenantContext,
        string $effectiveClientId,
        string $credentialSource,
        ?string $clientSecret,
        ?string $authorityTenant,
        ?string $redirectUri,
    ): self {
        return new self(
            resolved: true,
            connectionType: $connectionType,
            tenantContext: $tenantContext,
            effectiveClientId: $effectiveClientId,
            credentialSource: $credentialSource,
            clientSecret: $clientSecret,
            authorityTenant: $authorityTenant,
            redirectUri: $redirectUri,
            reasonCode: null,
            message: null,
        );
    }

    public static function blocked(
        ProviderConnectionType $connectionType,
        string $tenantContext,
        string $credentialSource,
        string $reasonCode,
        ?string $message = null,
    ): self {
        return new self(
            resolved: false,
            connectionType: $connectionType,
            tenantContext: $tenantContext,
            effectiveClientId: null,
            credentialSource: $credentialSource,
            clientSecret: null,
            authorityTenant: null,
            redirectUri: null,
            reasonCode: ProviderReasonCodes::isKnown($reasonCode) ? $reasonCode : ProviderReasonCodes::UnknownError,
            message: $message,
        );
    }

    /**
     * @param  array<string, mixed>  $overrides
     * @return array<string, mixed>
     */
    public function graphOptions(array $overrides = []): array
    {
        if (! $this->resolved || $this->effectiveClientId === null || $this->clientSecret === null) {
            throw new RuntimeException($this->message ?? 'Provider identity could not be resolved.');
        }

        return array_merge([
            'tenant' => $this->tenantContext,
            'client_id' => $this->effectiveClientId,
            'client_secret' => $this->clientSecret,
            'client_request_id' => (string) Str::uuid(),
        ], $overrides);
    }

    public function effectiveReasonCode(): string
    {
        return $this->reasonCode ?? ProviderReasonCodes::UnknownError;
    }
}