NOW() ORDER BY created_at DESC LIMIT 1', (string) $tenantId ); if (!is_array($result) || !isset($result['access_token_encrypted'])) { return null; } $encrypted = trim((string) $result['access_token_encrypted']); if ($encrypted === '') { return null; } try { return $this->settingsCryptoGateway->decryptString($encrypted); } catch (\Throwable) { return null; } } /** * Store a new token in the cache (encrypted, tenant-scoped). */ public function storeToken(int $tenantId, string $accessToken, \DateTimeInterface $expiresAt): bool { if ($tenantId <= 0 || $accessToken === '') { return false; } try { $encrypted = $this->settingsCryptoGateway->encryptString($accessToken); } catch (\Throwable) { return false; } // Remove existing tokens for this tenant first DB::delete( 'DELETE FROM helpdesk_oauth_token_cache WHERE tenant_id = ?', (string) $tenantId ); return (bool) DB::insert( 'INSERT INTO helpdesk_oauth_token_cache (tenant_id, access_token_encrypted, expires_at) VALUES (?, ?, ?)', (string) $tenantId, $encrypted, $expiresAt->format('Y-m-d H:i:s') ); } }