Oihana PHP System

Service extends Thing uses ServiceTrait

Represents a Service Account (machine identity) backed by a Zitadel Machine User.

Holds OAuth2 client credentials issued via a Zitadel User Key (JWT private_key_jwt grant, RFC 7523) and the audit fields tracking M2M activity.

Tags
see
Keyfile
Permission
Policy
author

Marc Alcaraz

since
1.0.2

Table of Contents

Constants

ALLOWED_IPS  : string = 'allowedIPs'
CONTEXT  : string = \xyz\oihana\schema\constants\Oihana::SCHEMA
The @context of the json-ld representation of the thing.
CREATED_BY  : string = 'createdBy'
DISABLED_AT  : string = 'disabledAt'
DISABLED_BY  : string = 'disabledBy'
DISABLED_REASON  : string = 'disabledReason'
EXPIRES_AT  : string = 'expiresAt'
JSON_PRIORITY_KEYS  : array<string|int, mixed> = [\org\schema\constants\Schema::AT_TYPE, \org\sc...
Defines the priority order of keys when serializing the object to JSON-LD.
KEY_ID  : string = 'keyId'
KEYFILE  : string = 'keyfile'
LAST_SEEN_IP  : string = 'lastSeenIP'
LAST_USED_AT  : string = 'lastUsedAt'
METADATA  : string = 'metadata'
PROTECTED  : string = 'protected'

Properties

$_from  : string|null
The metadata to indicates the edge 'from' identifier.
$_id  : null|string
The metadata identifier of the item.
$_key  : null|string
The metadata unique key identifier of the thing.
$_rev  : null|string
The metadata revision value of the thing.
$_to  : string|null
The metadata to indicates the edge 'to' identifier.
$active  : bool|null
The active flag.
$additionalType  : array<string|int, mixed>|string|null|object
An additionalType for the item.
$allowedIPs  : array<string|int, mixed>|null
IP whitelist using glob patterns (fnmatch).
$alternateName  : string|object|array<string|int, mixed>|null
An alias for the item.
$clientId  : string|null
OAuth2 `client_id` exposed to the service for token requests.
$created  : null|string
Date of creation of the resource.
$createdBy  : string|Thing|null
The user (or system) who created this service.
$description  : string|object|array<string|int, mixed>|null
A short description of the item.
$disabledAt  : string|null
The date this service was disabled (ISO 8601).
$disabledBy  : string|Thing|null
The user (or system) who disabled this service.
$disabledReason  : string|null
The reason why this service was disabled.
$disambiguatingDescription  : string|null
A sub property of description. A short description of the item used to disambiguate from other, similar items. Information from other properties (in particular, name) may be necessary for the description to be useful for disambiguation.
$expiresAt  : string|null
The expiration date of this service (ISO 8601).
$hasPart  : string|Thing|array<string|int, Thing>|null
Indicates an item that this part of this item.
$id  : null|int|string
The unique identifier of the item.
$identifier  : string|null
The identifier of the item.
$image  : string|ImageObject|array<string|int, ImageObject|string>|null
The image reference of this resource.
$isPartOf  : string|Thing|array<string|int, Thing>|null
Indicates an item that this item is part of.
$keyfile  : Keyfile|null
The full keyfile (RSA private key + metadata).
$keyId  : string|null
Zitadel User Key identifier (POST /v2/users/{userId}/keys response).
$lastSeenIP  : string|null
The last IP address from which this service was seen.
$lastUsedAt  : string|null
The last time this service was used (ISO 8601).
$license  : string|object|null
A legal document giving official permission to do something with the resource.
$mainEntityOfPage  : string|null
Indicates a page (or other CreativeWork) for which this thing is the main entity being described.
$metadata  : object|array<string|int, mixed>|null
Free-form metadata for this service.
$modified  : null|string
Date on which the resource was changed.
$name  : int|string|null
The name of the item.
$owner  : null|string|Thing
The owner of this Thing.
$permissions  : array<string|int, Permission>|null
The direct permissions assigned to this service.
$permissionsCount  : int|null
The number of direct permissions attached on this Service.
$policies  : array<string|int, Policy>|null
The policies assigned to this service (M2M authorization bundles).
$policiesCount  : int|null
The number of policies attached on this Service.
$potentialAction  : array<string|int, mixed>|Action|null
Indicates a potential Action, which describes an idealized action in which this thing would play an 'object' role.
$protected  : bool|null
Whether this service is protected from deletion and deactivation.
$publisher  : string|array<string|int, string|Person|Organization>|Person|Organization|null
The publisher of the resource.
$sameAs  : string|array<string|int, mixed>|null
URL of a reference Web page that unambiguously indicates the item's identity.
$subjectOf  : null|string|array<string|int, mixed>|CreativeWork|Event
A CreativeWork or Event about this Thing.
$url  : int|string|null
URL of the item.
$atContext  : string|null
The JSON-LD `@context` value.
$atType  : string|null
The JSON-LD `@type` value.
$DEFAULT_JSON_SERIALIZE_OPTIONS  : array<string|int, mixed>
The default static jsonSerialize options (class-level configuration).
$schemaTypeCache  : array<string, string>
Internal cache for resolved schema types.

Methods

__construct()  : mixed
Constructor to hydrate public properties from an array or stdClass.
getJsonSerializeOptions()  : array<string|int, mixed>
Returns the default JSON serialization options.
getSchemaType()  : string
Returns the fully qualified URI of the schema type.
jsonSerialize()  : array<string|int, mixed>
Serializes the current object into a JSON-LD array.
withAtContext()  : $this
Sets the internal JSON-LD `@context` attribute.
withAtType()  : $this
Sets the internal JSON-LD `@type` attribute.
withJSONLDMeta()  : $this
Initializes both JSON-LD metadata: `@type` and `@context`.

Constants

CONTEXT

The @context of the json-ld representation of the thing.

public string CONTEXT = \xyz\oihana\schema\constants\Oihana::SCHEMA

DISABLED_REASON

public string DISABLED_REASON = 'disabledReason'

JSON_PRIORITY_KEYS

Defines the priority order of keys when serializing the object to JSON-LD.

public array<string|int, mixed> JSON_PRIORITY_KEYS = [\org\schema\constants\Schema::AT_TYPE, \org\schema\constants\Schema::AT_CONTEXT, \org\schema\constants\Schema::_KEY, \org\schema\constants\Schema::_FROM, \org\schema\constants\Schema::_TO, \org\schema\constants\Schema::ID, \org\schema\constants\Schema::NAME, \org\schema\constants\Schema::URL, \org\schema\constants\Schema::CREATED, \org\schema\constants\Schema::MODIFIED]

Keys listed here will always appear first in the serialized array, in the order specified. All remaining public properties will be sorted alphabetically after these priority keys.

This ensures that important JSON-LD metadata and system fields (like @type, @context, _key, id, url, created, modified, etc.) appear at the top of the output for consistency and readability.

Usage:

$orderedKeys = self::JSON_PRIORITY_KEYS;

Notes:

  • Can be overridden in a subclass by redefining the constant.
  • Late static binding (static::JSON_PRIORITY_KEYS) allows child classes to modify the serialization order.

List of JSON-LD keys in priority order.

Properties

$_from

The metadata to indicates the edge 'from' identifier.

public string|null $_from

$_id

The metadata identifier of the item.

public null|string $_id

$_key

The metadata unique key identifier of the thing.

public null|string $_key

$_rev

The metadata revision value of the thing.

public null|string $_rev

$_to

The metadata to indicates the edge 'to' identifier.

public string|null $_to

$active

The active flag.

public bool|null $active

$additionalType

An additionalType for the item.

public array<string|int, mixed>|string|null|object $additionalType

$allowedIPs

IP whitelist using glob patterns (fnmatch).

public array<string|int, mixed>|null $allowedIPs

$alternateName

An alias for the item.

public string|object|array<string|int, mixed>|null $alternateName

$clientId

OAuth2 `client_id` exposed to the service for token requests.

public string|null $clientId

With Zitadel Machine Users, equals keyId of the active User Key — surfaced as a separate field for symmetry with Service and to allow rotation.

$created

Date of creation of the resource.

public null|string $created

$createdBy

The user (or system) who created this service.

public string|Thing|null $createdBy

$description

A short description of the item.

public string|object|array<string|int, mixed>|null $description

$disabledAt

The date this service was disabled (ISO 8601).

public string|null $disabledAt

$disabledBy

The user (or system) who disabled this service.

public string|Thing|null $disabledBy

$disabledReason

The reason why this service was disabled.

public string|null $disabledReason

$disambiguatingDescription

A sub property of description. A short description of the item used to disambiguate from other, similar items. Information from other properties (in particular, name) may be necessary for the description to be useful for disambiguation.

public string|null $disambiguatingDescription

$expiresAt

The expiration date of this service (ISO 8601).

public string|null $expiresAt

$hasPart

Indicates an item that this part of this item.

public string|Thing|array<string|int, Thing>|null $hasPart

$id

The unique identifier of the item.

public null|int|string $id

$identifier

The identifier of the item.

public string|null $identifier

$isPartOf

Indicates an item that this item is part of.

public string|Thing|array<string|int, Thing>|null $isPartOf

$keyfile

The full keyfile (RSA private key + metadata).

public Keyfile|null $keyfile = null

Populated only in the response of POST /services, POST /me/services, POST /services/{id}/rotate-key and POST /me/services/{id}/rotate-key. Never persisted server-side and never returned by GET endpoints.

$keyId

Zitadel User Key identifier (POST /v2/users/{userId}/keys response).

public string|null $keyId = null

Required for JWT assertion (kid header). Rotated by services:rotate.

$lastSeenIP

The last IP address from which this service was seen.

public string|null $lastSeenIP

$lastUsedAt

The last time this service was used (ISO 8601).

public string|null $lastUsedAt

$license

A legal document giving official permission to do something with the resource.

public string|object|null $license

$mainEntityOfPage

Indicates a page (or other CreativeWork) for which this thing is the main entity being described.

public string|null $mainEntityOfPage

$metadata

Free-form metadata for this service.

public object|array<string|int, mixed>|null $metadata

$modified

Date on which the resource was changed.

public null|string $modified

$name

The name of the item.

public int|string|null $name

$owner

The owner of this Thing.

public null|string|Thing $owner

Represents any entity (person, organization, system, or other object) that can be considered the possessor of this Thing.

$permissions

The direct permissions assigned to this service.

public array<string|int, Permission>|null $permissions
Attributes
#[HydrateWith]
\xyz\oihana\schema\auth\Permission::class

$permissionsCount

The number of direct permissions attached on this Service.

public int|null $permissionsCount

$policies

The policies assigned to this service (M2M authorization bundles).

public array<string|int, Policy>|null $policies
Attributes
#[HydrateWith]
\xyz\oihana\schema\auth\Policy::class

$policiesCount

The number of policies attached on this Service.

public int|null $policiesCount

$potentialAction

Indicates a potential Action, which describes an idealized action in which this thing would play an 'object' role.

public array<string|int, mixed>|Action|null $potentialAction

$protected

Whether this service is protected from deletion and deactivation.

public bool|null $protected = null

When true, neither admin nor owner can DELETE the document or PATCH active=false. Server-written : the field is excluded from POST and PATCH whitelists and can only be toggled via the dedicated CLI command (auth:services:protect / unprotect) or the seed file.

Use this flag for system-critical M2M services (cron sync, monitoring, integrations) that must survive any UI mishandling.

$sameAs

URL of a reference Web page that unambiguously indicates the item's identity.

public string|array<string|int, mixed>|null $sameAs

E.g. the URL of the item's Wikipedia page, Wikidata entry, or official website.

$subjectOf

A CreativeWork or Event about this Thing.

public null|string|array<string|int, mixed>|CreativeWork|Event $subjectOf

$url

URL of the item.

public int|string|null $url

$atContext

The JSON-LD `@context` value.

protected string|null $atContext = null

Default is https://schema.org.

$atType

The JSON-LD `@type` value.

protected string|null $atType = null

This can be manually set or automatically inferred from the class name.

$DEFAULT_JSON_SERIALIZE_OPTIONS

The default static jsonSerialize options (class-level configuration).

protected static array<string|int, mixed> $DEFAULT_JSON_SERIALIZE_OPTIONS = []

$schemaTypeCache

Internal cache for resolved schema types.

private static array<string, string> $schemaTypeCache = []

Methods

__construct()

Constructor to hydrate public properties from an array or stdClass.

public __construct([array<string|int, mixed>|object|null $init = null ]) : mixed

This allows objects to be quickly populated with associative data without manually setting each property.

Parameters
$init : array<string|int, mixed>|object|null = null

A data array or object used to initialize the instance. Keys must match public property names.

Tags
throws
ReflectionException
example 
use org\schema\Person;
use org\schema\constants\Prop;

$person = new Person
([
    Prop::NAME => 'Jane Doe',
    Prop::URL  => 'https://example.com/janedoe'
]);

echo $person->name; // Outputs: Jane Doe

getJsonSerializeOptions()

Returns the default JSON serialization options.

public getJsonSerializeOptions() : array<string|int, mixed>

This method determines how the jsonSerialize() output is reduced or compressed, etc. It can be overridden in child classes to customize serialization behavior.

Return values
array<string|int, mixed>

Returns the reduction/compression options for JSON serialization.

getSchemaType()

Returns the fully qualified URI of the schema type.

public static getSchemaType() : string

This method combines the class's CONTEXT constant with its short name to produce a globally unique identifier for the entity type.

  • It uses Late Static Binding to ensure the correct context is retrieved even when called from an inherited class (e.g., Corporation vs. Affiliate).
  • Performance Optimization: Results are stored in a static cache ($schemaTypeCache) to avoid redundant Reflection calls during the same execution lifecycle.
Return values
string

The absolute URI of the type (e.g., "https://schema.org/Thing"). ** @example

echo Thing::getSchemaType();      // https://schema.org/Thing
echo Affiliate::getSchemaType();  // https://schema.oihana.xyz/Pagination

jsonSerialize()

Serializes the current object into a JSON-LD array.

public jsonSerialize() : array<string|int, mixed>

Includes public properties, the JSON-LD @context and @type. Null values are automatically removed.

Tags
throws
ReflectionException

If reflection fails when accessing properties.

example 
use org\schema\Person;
use org\schema\constants\Prop;

$person = new Person
([
    Prop::NAME => 'John Smith',
    Prop::ID   => 'jsmith-001'
]);

echo json_encode($person, JSON_PRETTY_PRINT);

Output:

{
   "@type": "Person",
   "@context": "https://schema.org",
   "id": "jsmith-001",
   "name": "John Smith"
}
Return values
array<string|int, mixed>

JSON-LD representation of the object.

withAtContext()

Sets the internal JSON-LD `@context` attribute.

public withAtContext(string $context) : $this

Useful if you need a custom JSON-LD context.

Parameters
$context : string

Optional JSON-LD context.

Return values
$this

withAtType()

Sets the internal JSON-LD `@type` attribute.

public withAtType(string $type) : $this

Allows overriding the default type inferred from the class.

Parameters
$type : string

Optional JSON-LD type

Return values
$this

withJSONLDMeta()

Initializes both JSON-LD metadata: `@type` and `@context`.

public withJSONLDMeta([string|null $atType = null ][, string|null $atContext = null ]) : $this

Can be called from constructor or later to override default values.

Parameters
$atType : string|null = null

Optional JSON-LD type

$atContext : string|null = null

Optional JSON-LD context

Return values
$this
On this page

Search results