
Get user details with Azure Auth MFA – Multi factor authentication

I am trying to use Azure Auth MFA for my PHP application. Everything seems to be working fine and I get True returned when I echo $result at the end of the script. But how do I get user details from here, for example the user's login ID or AD ID?

I have tried client principal name, but it does not return anything.

            $request_headers[] = 'X-MS-CLIENT-PRINCIPAL-NAME'

PFB full code

            if (!isset($_GET['code'])) {
            
                $authUrl = "https://login.microsoftonline.com/iaddtenanidhere/oauth2/authorize?";
                $authUrl .= "client_id=iaddclientidhere";
                $authUrl .= "&response_type=code";
                $authUrl .= "&redirect_uri=https%3A%2F%2Fkeralapitbulls.com%2F";
                $authUrl .= "&response_mode=query";
                $authUrl .= "&resource=https%3A%2F%2Fgraph.microsoft.com%2F";
                $authUrl .= "&state=12345";
                header('Location: '.$authUrl);
                exit;
                
                
                } else if(isset($_GET['code'])){
                
                
                $accesscode = $_GET['code'];
                $ch = curl_init();
                curl_setopt($ch, CURLOPT_URL,"https://login.microsoftonline.com/common/oauth2/token");
                curl_setopt($ch, CURLOPT_POST, 1);
                $client_id = "iaddclientidhere";
                $client_secret = "iaddkeyhere";
                curl_setopt($ch, CURLOPT_POSTFIELDS,
                "grant_type=authorization_code&client_id=".$client_id."&redirect_uri=https%3A%2F%2Fkeralapitbulls.com%2F&resource=https%3A%2F%2Fgraph.microsoft.com%2F&code=".urlencode($accesscode)."&client_secret=".urlencode($client_secret));
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                $server_output = curl_exec ($ch);
                curl_close ($ch);
                $jsonoutput = json_decode($server_output, true);
                
                /* print_r($jsonoutput);
                jsonoutput prints fine */
                
                $bearertoken = $jsonoutput['access_token'];
                $url = "graph.microsoft.com";
                $ch = curl_init($url);
                $User_Agent = 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31';
                $request_headers = array();
                $request_headers[] = 'User-Agent: '. $User_Agent;
                $request_headers[] = 'Accept: application/json';
                $request_headers[] = 'Authorization: Bearer '. $bearertoken;
                
                // $request_headers[] = 'X-MS-CLIENT-PRINCIPAL-NAME'; // does not return anything
                
                curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);
                $result = curl_exec($ch);
                curl_close($ch);
                echo $result; // returns true

            }

print_r($jsonoutput) //looks good

                Array
                (
                [token_type] => Bearer
                [scope] => User.Read
                [expires_in] => 3599
                [ext_expires_in] => 3599
                [expires_on] => 1617785679
                [not_before] => 1617781779
                [resource] => https://graph.microsoft.com/
                [access_token] => eyJ0eXAiOiJKV1QiLCJub25jZSI6IlpuczFwWHloaWUxRy more
                [refresh_token] => 0.ASUA5MSKJWoUHkGdyHmp4S_W2kF1yjPM0 more
                [id_token] => efghfghfghfgh1QiLCJub25jZSI6IlpuczFwWHloaWUxRy more
                )


Answer

In fact you can directly replace $url = "graph.microsoft.com"; with $url = "https://graph.microsoft.com/v1.0/me"; to get the user information.

Parsing the access token can also get user details (adding X-MS-CLIENT-PRINCIPAL-NAME as a request header).

User contributions licensed under: CC BY-SA
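
The two routes mentioned in the answer, as an added example that is not part of the original question or answer: calling Graph `/v1.0/me` with the bearer token, and decoding the claims of the `id_token` from the token response. The function names `jwt_claims` and `graph_me` are hypothetical, the sample token is constructed, and the `upn` and `oid` claim names are an assumption about what an Azure AD v1.0 ID token carries, so check them against your own token.

```php
<?php
// Added example; function names and the sample token are hypothetical.

// Decode the claims segment of a JWT such as $jsonoutput['id_token'].
// Decoding is not verification: use it only on a token your server received
// directly from the token endpoint over TLS, never on one sent by a browser.
function jwt_claims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWT');
    }
    // Segments are unpadded base64url; convert to padded base64 first.
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $claims = json_decode((string) base64_decode($b64, true), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('JWT payload is not a JSON object');
    }
    return $claims;
}

// Fetch the signed-in user's profile from Microsoft Graph.
function graph_me(string $bearertoken): array
{
    $ch = curl_init('https://graph.microsoft.com/v1.0/me');
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Accept: application/json',
        'Authorization: Bearer ' . $bearertoken,
    ]);
    // Without RETURNTRANSFER curl_exec() prints the body and returns true,
    // which is why $result in the question was only true.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $user = is_string($body) ? json_decode($body, true) : null;
    if ($status !== 200 || !is_array($user)) {
        throw new RuntimeException("Graph /me failed, HTTP status $status");
    }
    return $user; // includes 'userPrincipalName' and 'id' (the object ID)
}

// Offline demo on a constructed token (made-up claim values, fake signature).
$b64url = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$claims = jwt_claims($b64url('{"typ":"JWT","alg":"RS256"}') . '.' . $b64url(json_encode(
    ['upn' => 'alice@example.com', 'oid' => '00000000-0000-0000-0000-000000000000']
)) . '.constructed-signature');
echo $claims['upn'], ' ', $claims['oid'], PHP_EOL;
```

In the question's flow, pass `$jsonoutput['access_token']` to `graph_me()` and `$jsonoutput['id_token']` to `jwt_claims()`. The fixed `state=12345` in the question gives no CSRF protection; a random per-session value checked on the callback is the usual fix.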