Credential
An opaque wrapper around a raw secret (a bearer token, a session cookie value, …) plus its {@see self::$type}. Its whole reason to exist is that the raw value MUST NOT leak: it is the one thing in the system that, printed to a log or an error, hands an attacker the keys. It uses the idiomatic modern-PHP shape for a secret-bearing value object: the value is a `private readonly` property marked `#[\SensitiveParameter]` at construction (so it is redacted from stack-trace argument dumps), {@see self::__debugInfo()} redacts it (so `print_r`/`var_dump` render `['type' => …, 'value' => '[redacted]']`), both {@see self::__serialize()} and {@see self::__clone()} refuse outright (a secret must never survive serialization — a record rebuilt with `'[redacted]'` would be a silent bomb, so we fail loudly instead). There is deliberately NO `__toString()`: casting a Credential to a string is a bug, and must raise an Error rather than quietly hand back — or leak — the secret. The one deliberate exit is {@see self::value()}, for the verifier that actually has to check the secret. Treat any other appearance of the raw value as a security bug.
Credential::__construct()
public function __construct(string $value, Milpa\Auth\CredentialType $type):Parameters
| Name | Type | Description |
|---|---|---|
| $value | string | |
| $type | Milpa\Auth\CredentialType |
Credential::bearer()
public static function bearer(string $value): selfA bearer-token credential — the `Authorization: Bearer …` case.
Parameters
| Name | Type | Description |
|---|---|---|
| $value | string |
Credential::cookie()
public static function cookie(string $value): selfA cookie credential — the session-cookie case.
Parameters
| Name | Type | Description |
|---|---|---|
| $value | string |
Credential::value()
public function value(): stringCredential::__debugInfo()
public function __debugInfo(): arrayCredential::__serialize()
public function __serialize(): arrayThrows
\LogicException always
Credential::__clone()
public function __clone(): void