php-opencloud · kamibutt143 · Dec 19, 2022 · Dec 19, 2022 · Dec 20, 2023 · k0ka
diff --git a/.phpunit.result.cache b/.phpunit.result.cache
diff --git a/src/Identity/v3/Api.php b/src/Identity/v3/Api.php
@@ -837,4 +837,17 @@ public function deletePolicy(): array
  'params' => ['id' => $this->params->idUrl('policy')],
  ];
  }
+
+ public function postApplicationCredentialsTokens(): array
+ {
+ return [
+ 'method' => 'POST',
+ 'path' => 'auth/tokens',
+ 'params' => [
+ 'methods' => $this->params->methods(),
+ 'application_credential' => $this->params->applicationCredential(),
+ 'tokenId' => $this->params->tokenBody(),
+ ],
+ ];
+ }
 }
diff --git a/src/Identity/v3/Models/Token.php b/src/Identity/v3/Models/Token.php
@@ -108,15 +108,20 @@ public function create(array $data): Creatable
  if (!isset($data['user']['id']) && empty($data['user']['domain'])) {
  throw new \InvalidArgumentException('When authenticating with a username, you must also provide either the domain name or domain ID to '.'which the user belongs to. Alternatively, if you provide a user ID instead, you do not need to '.'provide domain information.');
  }
- } elseif (isset($data['tokenId'])) {
+ } elseif (isset($data['application_credential'])) {
+ $data['methods'] = ['application_credential'];
+ if (!isset($data['application_credential']['id']) && empty($data['application_credential']['secret'])) {
+ throw new \InvalidArgumentException('To authenticate with an application credential, specify “application_credential” as the auth method. The ID of the application credential used for authentication. The secret for authenticating the application credential.');
+ }
+ } elseif (isset($data['tokenId'])) {
  $data['methods'] = ['token'];
  } else {
  throw new \InvalidArgumentException('Either a user or token must be provided.');
  }
 
- $response = $this->execute($this->api->postTokens(), $data);
+ $definition = (isset($data['user']) || isset($data['tokenId'])) ? $this->api->postTokens() : $this->api->postApplicationCredentialsTokens();
+ $response = $this->execute($definition, $data);
  $token = $this->populateFromResponse($response);
-
  // Cache response as an array to export if needed.
  // Added key `id` which is auth token from HTTP header X-Subject-Token
  $this->cachedToken = Utils::flattenJson(Utils::jsonDecode($response), $this->resourceKey);

diff --git a/src/Identity/v3/Params.php b/src/Identity/v3/Params.php
@@ -315,4 +315,22 @@ public function blob(): array
  'description' => "This does something, but it's not explained in the docs (as of writing this)",
  ];
  }
+
+ public function applicationCredential(): array
+ {
+ return [
+ 'type' => self::OBJECT_TYPE,
+ 'path' => 'auth.identity',
+ 'properties' => [
+ 'id' => [
+ 'type' => self::STRING_TYPE,
+ 'description' => 'The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user.',
+ ],
+ 'secret' => [
+ 'type' => self::STRING_TYPE,
+ 'description' => 'The secret for authenticating the application credential.',
+ ],
+ ],
+ ];
+ }
 }