$this->apiTokens->listAll(), 'oauthClients' => Client::orderByDesc('created_at')->get(), 'scopes' => config('api.scopes'), 'newToken' => session('new_api_token'), 'newClient' => session('new_oauth_client'), ]); } public function storeToken(Request $request): RedirectResponse { $data = $request->validate([ 'name' => ['required', 'string', 'max:100'], 'scopes' => ['required', 'array', 'min:1'], 'scopes.*' => ['string', 'in:' . implode(',', array_keys(config('api.scopes')))], 'expires_in_days' => ['nullable', 'integer', 'min:1', 'max:3650'], ]); $result = $this->apiTokens->create( $data['name'], $data['scopes'], $data['expires_in_days'] ?? null ); $request->attributes->set('audit_metadata', [ 'name' => $data['name'], 'scopes' => $data['scopes'], ]); return redirect() ->route('api-clients.index') ->with('success', 'API token created. Copy it now — it will not be shown again.') ->with('new_api_token', [ 'name' => $result['token']->name, 'token' => $result['plain_text'], ]); } public function destroyToken(Request $request, ApiToken $apiToken): RedirectResponse { $request->attributes->set('audit_metadata', ['name' => $apiToken->name]); $this->apiTokens->revoke($apiToken); return redirect()->route('api-clients.index')->with('success', 'API token revoked.'); } public function storeOAuthClient(Request $request): RedirectResponse { $data = $request->validate([ 'name' => ['required', 'string', 'max:100'], ]); $client = $this->clientRepository->createClientCredentialsGrantClient($data['name']); $request->attributes->set('audit_metadata', ['name' => $data['name']]); return redirect() ->route('api-clients.index') ->with('success', 'OAuth2 client created. Copy credentials now.') ->with('new_oauth_client', [ 'name' => $client->name, 'client_id' => $client->id, 'client_secret' => $client->plainSecret, ]); } public function destroyOAuthClient(Request $request, string $clientId): RedirectResponse { $client = Client::findOrFail($clientId); $request->attributes->set('audit_metadata', ['name' => $client->name]); $client->update(['revoked' => true]); return redirect()->route('api-clients.index')->with('success', 'OAuth2 client revoked.'); } }