I am trying to use Azure Auth MFA for my PHP application. Everything seems to be working fine, and I get True returned when I echo $result at the end of the script. But how do I get user details from here, for example the user's login ID or AD ID?
I have tried the client principal name, but it does not return anything:
    $request_headers[] = 'X-MS-CLIENT-PRINCIPAL-NAME';
PFB full code
    if (!isset($_GET['code'])) {
        // No authorization code yet: redirect the browser to the authorize endpoint.
        $authUrl = "https://login.microsoftonline.com/iaddtenanidhere/oauth2/authorize?";
        $authUrl .= "client_id=iaddclientidhere";
        $authUrl .= "&response_type=code";
        $authUrl .= "&redirect_uri=https%3A%2F%2Fkeralapitbulls.com%2F";
        $authUrl .= "&response_mode=query";
        $authUrl .= "&resource=https%3A%2F%2Fgraph.microsoft.com%2F";
        $authUrl .= "&state=12345";
        header('Location: '.$authUrl);
        exit;
    } else if (isset($_GET['code'])) {
        // Exchange the authorization code for tokens.
        $accesscode = $_GET['code'];
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://login.microsoftonline.com/common/oauth2/token");
        curl_setopt($ch, CURLOPT_POST, 1);
        $client_id = "iaddclientidhere";
        $client_secret = "iaddkeyhere";
        curl_setopt($ch, CURLOPT_POSTFIELDS,
            "grant_type=authorization_code&client_id=".$client_id
            ."&redirect_uri=https%3A%2F%2Fkeralapitbulls.com%2F"
            ."&resource=https%3A%2F%2Fgraph.microsoft.com%2F"
            ."&code=".$accesscode
            ."&client_secret=".urlencode($client_secret));
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $server_output = curl_exec($ch);
        curl_close($ch);
        $jsonoutput = json_decode($server_output, true);
        /* print_r($jsonoutput); jsonoutput prints fine */
        $bearertoken = $jsonoutput['access_token'];

        // Call Graph with the bearer token.
        $url = "graph.microsoft.com";
        $ch = curl_init($url);
        $User_Agent = 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31';
        $request_headers = array();
        $request_headers[] = 'User-Agent: '. $User_Agent;
        $request_headers[] = 'Accept: application/json';
        $request_headers[] = 'Authorization: Bearer '. $bearertoken;
        // $request_headers[] = 'X-MS-CLIENT-PRINCIPAL-NAME'; // does not return anything
        curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);
        $result = curl_exec($ch);
        curl_close($ch);
        echo $result; // returns true
    }
print_r($jsonoutput) //looks good
    Array
    (
        [token_type] => Bearer
        [scope] => User.Read
        [expires_in] => 3599
        [ext_expires_in] => 3599
        [expires_on] => 1617785679
        [not_before] => 1617781779
        [resource] => https://graph.microsoft.com/
        [access_token] => eyJ0eXAiOiJKV1QiLCJub25jZSI6IlpuczFwWHloaWUxRy more
        [refresh_token] => 0.ASUA5MSKJWoUHkGdyHmp4S_W2kF1yjPM0 more
        [id_token] => efghfghfghfgh1QiLCJub25jZSI6IlpuczFwWHloaWUxRy more
    )
Answer
In fact, you can directly replace $url = "graph.microsoft.com"; with $url = "https://graph.microsoft.com/v1.0/me"; to get the user information.
Parsing the access token can also get user details (adding X-MS-CLIENT-PRINCIPAL-NAME as a request header).
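An added example, not code from the question or the answer: two ways to read the signed-in user's identifiers from the token response shown in the question, either from the claims of the returned id_token or from the /v1.0/me call the answer suggests. The function names are hypothetical, the sample token and placeholder IDs are constructed so the decoder runs offline, and it is assumed that the id_token carries the oid, upn or unique_name, tid, aud and exp claims.

```php
<?php
// Added example; function names are hypothetical, sample values are constructed.
function b64url_decode(string $seg): string {
    $pad = (4 - strlen($seg) % 4) % 4;
    return (string) base64_decode(strtr($seg, '-_', '+/') . str_repeat('=', $pad), true);
}

// Decodes id_token claims WITHOUT verifying the signature: use only on a token read
// directly from the token endpoint response over TLS, never on one sent by the browser.
function id_token_claims(string $jwt, string $clientId, string $tenantId): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWT');
    }
    $c = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($c)) {
        throw new InvalidArgumentException('payload is not JSON');
    }
    // Reject tokens issued for another app or tenant, and expired ones.
    if (($c['aud'] ?? null) !== $clientId || ($c['tid'] ?? null) !== $tenantId
        || (int) ($c['exp'] ?? 0) <= time()) {
        throw new RuntimeException('id_token failed aud/tid/exp checks');
    }
    return ['object_id' => $c['oid'] ?? null,
            'login'     => $c['upn'] ?? $c['unique_name'] ?? null,
            'name'      => $c['name'] ?? null];
}

// The same details from Graph, using the URL given in the answer.
function graph_me(string $accessToken): array {
    $ch = curl_init('https://graph.microsoft.com/v1.0/me');
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Accept: application/json', 'Authorization: Bearer ' . $accessToken]);
    // Without RETURNTRANSFER, curl_exec() prints the body and returns true.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("Graph call failed (HTTP $status)");
    }
    return json_decode($body, true); // keys include id, userPrincipalName, displayName
}

// Constructed sample id_token (placeholder claims, fake signature) for an offline run.
$enc = fn(array $a) => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$sample = $enc(['typ' => 'JWT', 'alg' => 'RS256']) . '.' . $enc([
    'aud' => 'CLIENT_ID_PLACEHOLDER', 'tid' => 'TENANT_ID_PLACEHOLDER', 'exp' => time() + 3600,
    'oid' => '00000000-0000-0000-0000-000000000000', 'upn' => 'user@example.com', 'name' => 'Example User',
]) . '.constructed-signature';
print_r(id_token_claims($sample, 'CLIENT_ID_PLACEHOLDER', 'TENANT_ID_PLACEHOLDER'));
```

In the question's script the equivalent calls would be id_token_claims($jsonoutput['id_token'], $client_id, $tenantId) with the app's own tenant ID, or graph_me($bearertoken).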