78 lines
2.3 KiB
PHP
78 lines
2.3 KiB
PHP
<?php
|
|
|
|
namespace App\Services\Providers;
|
|
|
|
use App\Models\ProviderConnection;
|
|
use App\Models\ProviderCredential;
|
|
use InvalidArgumentException;
|
|
use RuntimeException;
|
|
|
|
final class CredentialManager
|
|
{
|
|
/**
|
|
* @return array{client_id: string, client_secret: string}
|
|
*/
|
|
public function getClientCredentials(ProviderConnection $connection): array
|
|
{
|
|
$credential = $connection->credential;
|
|
|
|
if (! $credential instanceof ProviderCredential) {
|
|
throw new RuntimeException('Provider credentials are missing.');
|
|
}
|
|
|
|
if ($credential->type !== 'client_secret') {
|
|
throw new RuntimeException('Unsupported provider credential type.');
|
|
}
|
|
|
|
$payload = $credential->payload;
|
|
|
|
if (! is_array($payload)) {
|
|
throw new RuntimeException('Provider credential payload is invalid.');
|
|
}
|
|
|
|
$clientId = trim((string) ($payload['client_id'] ?? ''));
|
|
$clientSecret = trim((string) ($payload['client_secret'] ?? ''));
|
|
|
|
if ($clientId === '' || $clientSecret === '') {
|
|
throw new RuntimeException('Provider credential payload is missing required keys.');
|
|
}
|
|
|
|
$tenantId = $payload['tenant_id'] ?? null;
|
|
|
|
if (is_string($tenantId) && $tenantId !== '' && $tenantId !== $connection->entra_tenant_id) {
|
|
throw new InvalidArgumentException('Provider credential tenant_id does not match the connection entra_tenant_id.');
|
|
}
|
|
|
|
return [
|
|
'client_id' => $clientId,
|
|
'client_secret' => $clientSecret,
|
|
];
|
|
}
|
|
|
|
public function upsertClientSecretCredential(
|
|
ProviderConnection $connection,
|
|
string $clientId,
|
|
string $clientSecret,
|
|
): ProviderCredential {
|
|
$clientId = trim($clientId);
|
|
$clientSecret = trim($clientSecret);
|
|
|
|
if ($clientId === '' || $clientSecret === '') {
|
|
throw new InvalidArgumentException('client_id and client_secret are required.');
|
|
}
|
|
|
|
return ProviderCredential::query()->updateOrCreate(
|
|
[
|
|
'provider_connection_id' => $connection->getKey(),
|
|
],
|
|
[
|
|
'type' => 'client_secret',
|
|
'payload' => [
|
|
'client_id' => $clientId,
|
|
'client_secret' => $clientSecret,
|
|
],
|
|
],
|
|
);
|
|
}
|
|
}
|