bearerToken(); if (!$token) { return response()->json(['message' => 'Unauthorized!'], 401); } $decoded = AuthService::verifyClientToken($token); if (!$decoded) { return response()->json(['message' => 'Invalid Token'], 401); } // Identify client by sub claim $clientId = $decoded->sub ?? null; if (!$clientId) { return response()->json(['message' => 'Invalid client in token'], 401); } $clients = config('api_clients.clients');; $client = collect($clients)->where('api_key', $clientId)->first(); if (!$client || ($client->is_revoked ?? false)) { return response()->json(['message' => 'Client not found or revoked'], 401); } // Attach client info to request $request->attributes->set('client', $client); return $next($request); } }