Application extends Thing uses ApplicationTrait
Represents a client application (PKCE, M2M, public) that connects to a WebAPI.
Applications are OAuth2 clients created by admins or users (self-service). Each application has an owner (user), one or more scopes (permission groups), and optional direct permissions.
Tags
Table of Contents
Constants
- ALLOWED_IPS : string = 'allowedIPs'
- CONTEXT : string = \xyz\oihana\schema\constants\Oihana::SCHEMA
- The @context of the json-ld representation of the thing.
- CREATED_BY : string = 'createdBy'
- DEFAULT : string = 'default'
- DISABLED_AT : string = 'disabledAt'
- DISABLED_BY : string = 'disabledBy'
- DISABLED_REASON : string = 'disabledReason'
- EXPIRES_AT : string = 'expiresAt'
- JSON_PRIORITY_KEYS : array<string|int, mixed> = [\org\schema\constants\Schema::AT_TYPE, \org\sc...
- Defines the priority order of keys when serializing the object to JSON-LD.
- KEY_ID : string = 'keyId'
- KEYFILE : string = 'keyfile'
- LAST_SEEN_IP : string = 'lastSeenIP'
- LAST_USED_AT : string = 'lastUsedAt'
- METADATA : string = 'metadata'
- PROTECTED : string = 'protected'
Properties
- $_from : string|null
- The metadata to indicates the edge 'from' identifier.
- $_id : null|string
- The metadata identifier of the item.
- $_key : null|string
- The metadata unique key identifier of the thing.
- $_rev : null|string
- The metadata revision value of the thing.
- $_to : string|null
- The metadata to indicates the edge 'to' identifier.
- $active : bool|null
- The active flag.
- $additionalType : array<string|int, mixed>|string|null|object
- An additionalType for the item.
- $allowedIPs : array<string|int, mixed>|null
- IP whitelist using glob patterns (fnmatch).
- $alternateName : string|object|array<string|int, mixed>|null
- An alias for the item.
- $clientId : string|null
- The OAuth2/OIDC client ID (from Zitadel).
- $created : null|string
- Date of creation of the resource.
- $createdBy : string|Thing|null
- The user (or system) who created this application.
- $default : bool|null
- Whether this is the default application for the API.
- $description : string|object|array<string|int, mixed>|null
- A short description of the item.
- $disabledAt : string|null
- The date this application was disabled (ISO 8601).
- $disabledBy : string|Thing|null
- The user (or system) who disabled this application.
- $disabledReason : string|null
- The reason why this application was disabled.
- $disambiguatingDescription : string|null
- A sub property of description. A short description of the item used to disambiguate from other, similar items. Information from other properties (in particular, name) may be necessary for the description to be useful for disambiguation.
- $expiresAt : string|null
- The expiration date of this application (ISO 8601).
- $hasPart : string|Thing|array<string|int, Thing>|null
- Indicates an item that this part of this item.
- $id : null|int|string
- The unique identifier of the item.
- $identifier : string|null
- The identifier of the item.
- $image : string|ImageObject|array<string|int, ImageObject|string>|null
- The image reference of this resource.
- $isPartOf : string|Thing|array<string|int, Thing>|null
- Indicates an item that this item is part of.
- $keyfile : Keyfile|null
- The full keyfile (RSA private key + metadata).
- $keyId : string|null
- The keyId of the currently active key for this M2M application.
- $lastSeenIP : string|null
- The last IP address from which this application was seen.
- $lastUsedAt : string|null
- The last time this application was used (ISO 8601).
- $license : string|object|null
- A legal document giving official permission to do something with the resource.
- $mainEntityOfPage : string|null
- Indicates a page (or other CreativeWork) for which this thing is the main entity being described.
- $metadata : object|array<string|int, mixed>|null
- Free-form metadata for this application.
- $modified : null|string
- Date on which the resource was changed.
- $name : int|string|null
- The name of the item.
- $owner : null|string|Thing
- The owner of this Thing.
- $permissions : array<string|int, Permission>|null
- The direct permissions assigned to this application.
- $permissionsCount : int|null
- The number of direct permissions attached on this Application.
- $policies : array<string|int, Policy>|null
- The policies assigned to this application (M2M authorization bundles).
- $policiesCount : int|null
- The number of policies attached on this Application.
- $potentialAction : array<string|int, mixed>|Action|null
- Indicates a potential Action, which describes an idealized action in which this thing would play an 'object' role.
- $protected : bool|null
- Whether this application is protected from deletion and deactivation.
- $publisher : string|array<string|int, string|Person|Organization>|Person|Organization|null
- The publisher of the resource.
- $sameAs : string|array<string|int, mixed>|null
- URL of a reference Web page that unambiguously indicates the item's identity.
- $subjectOf : null|string|array<string|int, mixed>|CreativeWork|Event
- A CreativeWork or Event about this Thing.
- $url : int|string|null
- URL of the item.
- $atContext : string|null
- The JSON-LD `@context` value.
- $atType : string|null
- The JSON-LD `@type` value.
- $DEFAULT_JSON_SERIALIZE_OPTIONS : array<string|int, mixed>
- The default static jsonSerialize options (class-level configuration).
- $schemaTypeCache : array<string, string>
- Internal cache for resolved schema types.
Methods
- __construct() : mixed
- Constructor to hydrate public properties from an array or stdClass.
- getJsonSerializeOptions() : array<string|int, mixed>
- Returns the default JSON serialization options.
- getSchemaType() : string
- Returns the fully qualified URI of the schema type.
- jsonSerialize() : array<string|int, mixed>
- Serializes the current object into a JSON-LD array.
- withAtContext() : $this
- Sets the internal JSON-LD `@context` attribute.
- withAtType() : $this
- Sets the internal JSON-LD `@type` attribute.
- withJSONLDMeta() : $this
- Initializes both JSON-LD metadata: `@type` and `@context`.
Constants
ALLOWED_IPS
public
string
ALLOWED_IPS
= 'allowedIPs'
CONTEXT
The @context of the json-ld representation of the thing.
public
string
CONTEXT
= \xyz\oihana\schema\constants\Oihana::SCHEMA
CREATED_BY
public
string
CREATED_BY
= 'createdBy'
DEFAULT
public
string
DEFAULT
= 'default'
DISABLED_AT
public
string
DISABLED_AT
= 'disabledAt'
DISABLED_BY
public
string
DISABLED_BY
= 'disabledBy'
DISABLED_REASON
public
string
DISABLED_REASON
= 'disabledReason'
EXPIRES_AT
public
string
EXPIRES_AT
= 'expiresAt'
JSON_PRIORITY_KEYS
Defines the priority order of keys when serializing the object to JSON-LD.
public
array<string|int, mixed>
JSON_PRIORITY_KEYS
= [\org\schema\constants\Schema::AT_TYPE, \org\schema\constants\Schema::AT_CONTEXT, \org\schema\constants\Schema::_KEY, \org\schema\constants\Schema::_FROM, \org\schema\constants\Schema::_TO, \org\schema\constants\Schema::ID, \org\schema\constants\Schema::NAME, \org\schema\constants\Schema::URL, \org\schema\constants\Schema::CREATED, \org\schema\constants\Schema::MODIFIED]
Keys listed here will always appear first in the serialized array, in the order specified. All remaining public properties will be sorted alphabetically after these priority keys.
This ensures that important JSON-LD metadata and system fields
(like @type, @context, _key, id, url, created, modified, etc.)
appear at the top of the output for consistency and readability.
Usage:
$orderedKeys = self::JSON_PRIORITY_KEYS;
Notes:
- Can be overridden in a subclass by redefining the constant.
- Late static binding (
static::JSON_PRIORITY_KEYS) allows child classes to modify the serialization order.
List of JSON-LD keys in priority order.
KEY_ID
public
string
KEY_ID
= 'keyId'
KEYFILE
public
string
KEYFILE
= 'keyfile'
LAST_SEEN_IP
public
string
LAST_SEEN_IP
= 'lastSeenIP'
LAST_USED_AT
public
string
LAST_USED_AT
= 'lastUsedAt'
METADATA
public
string
METADATA
= 'metadata'
PROTECTED
public
string
PROTECTED
= 'protected'
Properties
$_from
The metadata to indicates the edge 'from' identifier.
public
string|null
$_from
$_id
The metadata identifier of the item.
public
null|string
$_id
$_key
The metadata unique key identifier of the thing.
public
null|string
$_key
$_rev
The metadata revision value of the thing.
public
null|string
$_rev
$_to
The metadata to indicates the edge 'to' identifier.
public
string|null
$_to
$active
The active flag.
public
bool|null
$active
$additionalType
An additionalType for the item.
public
array<string|int, mixed>|string|null|object
$additionalType
$allowedIPs
IP whitelist using glob patterns (fnmatch).
public
array<string|int, mixed>|null
$allowedIPs
$alternateName
An alias for the item.
public
string|object|array<string|int, mixed>|null
$alternateName
$clientId
The OAuth2/OIDC client ID (from Zitadel).
public
string|null
$clientId
$created
Date of creation of the resource.
public
null|string
$created
$createdBy
The user (or system) who created this application.
public
string|Thing|null
$createdBy
$default
Whether this is the default application for the API.
public
bool|null
$default
$description
A short description of the item.
public
string|object|array<string|int, mixed>|null
$description
$disabledAt
The date this application was disabled (ISO 8601).
public
string|null
$disabledAt
$disabledBy
The user (or system) who disabled this application.
public
string|Thing|null
$disabledBy
$disabledReason
The reason why this application was disabled.
public
string|null
$disabledReason
$disambiguatingDescription
A sub property of description. A short description of the item used to disambiguate from other, similar items. Information from other properties (in particular, name) may be necessary for the description to be useful for disambiguation.
public
string|null
$disambiguatingDescription
$expiresAt
The expiration date of this application (ISO 8601).
public
string|null
$expiresAt
$hasPart
Indicates an item that this part of this item.
public
string|Thing|array<string|int, Thing>|null
$hasPart
$id
The unique identifier of the item.
public
null|int|string
$id
$identifier
The identifier of the item.
public
string|null
$identifier
$image
The image reference of this resource.
public
string|ImageObject|array<string|int, ImageObject|string>|null
$image
$isPartOf
Indicates an item that this item is part of.
public
string|Thing|array<string|int, Thing>|null
$isPartOf
$keyfile
The full keyfile (RSA private key + metadata).
public
Keyfile|null
$keyfile
= null
Populated only in the response of POST /applications, POST /me/applications, POST /applications/{id}/rotate-key and POST /me/applications/{id}/rotate-key. Never persisted server-side and never returned by GET endpoints.
$keyId
The keyId of the currently active key for this M2M application.
public
string|null
$keyId
= null
Server-written — set on creation and rotated through the
/applications/{id}/rotate-key endpoint. Persisted in Arango.
$lastSeenIP
The last IP address from which this application was seen.
public
string|null
$lastSeenIP
$lastUsedAt
The last time this application was used (ISO 8601).
public
string|null
$lastUsedAt
$license
A legal document giving official permission to do something with the resource.
public
string|object|null
$license
$mainEntityOfPage
Indicates a page (or other CreativeWork) for which this thing is the main entity being described.
public
string|null
$mainEntityOfPage
$metadata
Free-form metadata for this application.
public
object|array<string|int, mixed>|null
$metadata
$modified
Date on which the resource was changed.
public
null|string
$modified
$name
The name of the item.
public
int|string|null
$name
$owner
The owner of this Thing.
public
null|string|Thing
$owner
Represents any entity (person, organization, system, or other object) that can be considered the possessor of this Thing.
$permissions
The direct permissions assigned to this application.
public
array<string|int, Permission>|null
$permissions
Attributes
- #[HydrateWith]
- \xyz\oihana\schema\auth\Permission::class
$permissionsCount
The number of direct permissions attached on this Application.
public
int|null
$permissionsCount
$policies
The policies assigned to this application (M2M authorization bundles).
public
array<string|int, Policy>|null
$policies
Attributes
- #[HydrateWith]
- \xyz\oihana\schema\auth\Policy::class
$policiesCount
The number of policies attached on this Application.
public
int|null
$policiesCount
$potentialAction
Indicates a potential Action, which describes an idealized action in which this thing would play an 'object' role.
public
array<string|int, mixed>|Action|null
$potentialAction
$protected
Whether this application is protected from deletion and deactivation.
public
bool|null
$protected
= null
When true, neither admin nor owner can DELETE the document or PATCH
active=false. Server-written : the field is excluded from POST and
PATCH whitelists and can only be toggled via the dedicated CLI command
(auth:applications:protect / unprotect) or the seed file.
Distinct from default (which marks the singleton API-default app) :
protected is a broader, multi-instance flag for system-critical M2M
apps (cron sync, monitoring, integrations) that must survive any UI
mishandling.
$publisher
The publisher of the resource.
public
string|array<string|int, string|Person|Organization>|Person|Organization|null
$publisher
$sameAs
URL of a reference Web page that unambiguously indicates the item's identity.
public
string|array<string|int, mixed>|null
$sameAs
E.g. the URL of the item's Wikipedia page, Wikidata entry, or official website.
$subjectOf
A CreativeWork or Event about this Thing.
public
null|string|array<string|int, mixed>|CreativeWork|Event
$subjectOf
$url
URL of the item.
public
int|string|null
$url
$atContext
The JSON-LD `@context` value.
protected
string|null
$atContext
= null
Default is https://schema.org.
$atType
The JSON-LD `@type` value.
protected
string|null
$atType
= null
This can be manually set or automatically inferred from the class name.
$DEFAULT_JSON_SERIALIZE_OPTIONS
The default static jsonSerialize options (class-level configuration).
protected
static array<string|int, mixed>
$DEFAULT_JSON_SERIALIZE_OPTIONS
= []
$schemaTypeCache
Internal cache for resolved schema types.
private
static array<string, string>
$schemaTypeCache
= []
Methods
__construct()
Constructor to hydrate public properties from an array or stdClass.
public
__construct([array<string|int, mixed>|object|null $init = null ]) : mixed
This allows objects to be quickly populated with associative data without manually setting each property.
Parameters
- $init : array<string|int, mixed>|object|null = null
-
A data array or object used to initialize the instance. Keys must match public property names.
Tags
getJsonSerializeOptions()
Returns the default JSON serialization options.
public
getJsonSerializeOptions() : array<string|int, mixed>
This method determines how the jsonSerialize() output is reduced or compressed, etc.
It can be overridden in child classes to customize serialization behavior.
Return values
array<string|int, mixed> —Returns the reduction/compression options for JSON serialization.
getSchemaType()
Returns the fully qualified URI of the schema type.
public
static getSchemaType() : string
This method combines the class's CONTEXT constant with its short name
to produce a globally unique identifier for the entity type.
- It uses Late Static Binding to ensure the correct context is retrieved even when called from an inherited class (e.g., Corporation vs. Affiliate).
- Performance Optimization:
Results are stored in a static cache (
$schemaTypeCache) to avoid redundant Reflection calls during the same execution lifecycle.
Return values
string —The absolute URI of the type (e.g., "https://schema.org/Thing"). ** @example
echo Thing::getSchemaType(); // https://schema.org/Thing
echo Affiliate::getSchemaType(); // https://schema.oihana.xyz/Pagination
jsonSerialize()
Serializes the current object into a JSON-LD array.
public
jsonSerialize() : array<string|int, mixed>
Includes public properties, the JSON-LD @context and @type.
Null values are automatically removed.
Tags
Return values
array<string|int, mixed> —JSON-LD representation of the object.
withAtContext()
Sets the internal JSON-LD `@context` attribute.
public
withAtContext(string $context) : $this
Useful if you need a custom JSON-LD context.
Parameters
- $context : string
-
Optional JSON-LD context.
Return values
$thiswithAtType()
Sets the internal JSON-LD `@type` attribute.
public
withAtType(string $type) : $this
Allows overriding the default type inferred from the class.
Parameters
- $type : string
-
Optional JSON-LD type
Return values
$thiswithJSONLDMeta()
Initializes both JSON-LD metadata: `@type` and `@context`.
public
withJSONLDMeta([string|null $atType = null ][, string|null $atContext = null ]) : $this
Can be called from constructor or later to override default values.
Parameters
- $atType : string|null = null
-
Optional JSON-LD type
- $atContext : string|null = null
-
Optional JSON-LD context