38 lines
1.3 KiB
PHP
38 lines
1.3 KiB
PHP
<?php
|
|
|
|
namespace App\Services\Providers;
|
|
|
|
use App\Models\ProviderConnection;
|
|
use RuntimeException;
|
|
|
|
final class AdminConsentUrlFactory
|
|
{
|
|
public function __construct(
|
|
private readonly ProviderIdentityResolver $identityResolver,
|
|
) {}
|
|
|
|
public function make(ProviderConnection $connection, string $state): string
|
|
{
|
|
$normalizedState = trim($state);
|
|
|
|
if ($normalizedState === '') {
|
|
throw new RuntimeException('Consent state is required.');
|
|
}
|
|
|
|
$resolution = $this->identityResolver->resolve($connection);
|
|
|
|
if (! $resolution->resolved || $resolution->effectiveClientId === null || $resolution->redirectUri === null) {
|
|
throw new RuntimeException($resolution->message ?? 'Provider identity could not be resolved for admin consent.');
|
|
}
|
|
|
|
$tenantSegment = trim($resolution->tenantContext) !== '' ? trim($resolution->tenantContext) : 'organizations';
|
|
|
|
return "https://login.microsoftonline.com/{$tenantSegment}/v2.0/adminconsent?".http_build_query([
|
|
'client_id' => $resolution->effectiveClientId,
|
|
'redirect_uri' => $resolution->redirectUri,
|
|
'scope' => (string) config('graph.scope', 'https://graph.microsoft.com/.default'),
|
|
'state' => $normalizedState,
|
|
]);
|
|
}
|
|
}
|