How to get Azure Active Directory token functionality via PHP

一个新手
Release: 2023-03-16 13:02:01
Original
1313 people have browsed it

When calling the Azure Rest API, if it is an API belonging to Azure Resource Manager, you need to use Azure Active Directory (Azure AD) authentication to obtain a token (Token) before you can access it.

The following are the steps to create an Azure AD application and authorize it to access resources that manage Azure:

For a better reading experience, you can also click here.

Note

The following authentication methods are only applicable to Azure Resource Manager API. That is, the API with the endpoint management.chinacloudapi.cn is not applicable to the API of Azure Service Manager (the API with the endpoint management.core.chinacloudapi.cn).

Log in to your Azure account (PowerShell)

# #Record the obtained TenantID for subsequent use.

Select the current subscription ID

Set the current subscription. This step needs to be performed in a multi-subscription environment:

Set-AzureRmContext -SubscriptionId <subscription ID>
Copy after login

Create AD application

View the newly created application The object, attribute ApplicationId, will be used later to create service credentials, role settings and Access Token.

$azureAdApplication = New-AzureRmADApplication -DisplayName "exampleapp" -HomePage "https://www.contoso.org" -IdentifierUris "https://www.contoso.org/example" -Password "<Your_Password>"
Copy after login

Create service credentials

Azure AD application creates service credentials:

New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId
Copy after login

When created After completing the service credentials, there is no permission initially. We need to set the permission scope for it.

Authorization

Add role settings for your service credentials. In this example, set read permissions for your service credentials to access all resources under your subscription. If you want to learn more, please refer to: Azure Role-based Access Control.

New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId
Copy after login

RoleDefinitionName has three permission settings:

  1. Reader has read permissions for Azure resources.

  2. Contributor has administrative rights to Azure resources, but cannot authorize others.

  3. Owner has management rights to Azure resources and can also authorize others to manage them.

 

Call the Oauth2 API to obtain the Token

In this way, the Azure AD Application is created. We can use the following three pieces of information to Get the authentication Token.

  1. telent-id corresponds to the telentID used in subscription information.

  2. application-id ApplicationID returned by creating the application.

  3. app password The password filled in when creating the application.

To obtain the Token, use the authentication interface of Azure login oauth2. If you want to know more, please refer to this document: Using the Azure Resource Manager REST API.

Please refer to the following code:

$tenlent_id = &#39;Your Sub Tenlent ID&#39;;
$client_id = &#39;Application ID&#39;;
$client_secret = &#39;Application Password&#39;;

$auth_url = &#39;https://login.chinacloudapi.cn/&#39;.$tenlent_id.&#39;/oauth2/token?api-version=1.0&#39;;
$auth = curl_init($auth_url);
$post_data= &#39;grant_type=client_credentials&resource=https://management.chinacloudapi.cn/&client_id=&#39;.$client_id.&#39;&client_secret=&#39;.urlencode($client_secret);

curl_setopt_array($auth, array(
CURLOPT_VERBOSE => 1,
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => $post_data,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_HTTPHEADER => array(
&#39;Content-Type: application/x-www-form-urlencoded&#39;
)
));
curl_exec($atuh);
echo "\n";
Copy after login

After executing the query, you will get the Token data, and access_token is the access Token.

{
"token_type": "Bearer",
"expires_in": "3600",
"expires_on": "1455680701",
"not_before": "1455676801",
"resource": "https://management.azure.com/",
"access_token": "eyJ0eXAiOi…"
}
Copy after login

Then add the Authorization Header setting to the header of the API request you want to access, and set its value to:

Token needs to be added before On Bearer.

Call example:

$token = &#39;eyJ0eXA…&#39;;
$host = &#39;management.chinacloudapi.cn&#39;;
$version = &#39;2015-09-01&#39;;
$url = &#39;https://&#39;.$host.&#39;/subscriptions/5bbf0cbb-647d-4bd8-b4e6-26629f109bd7/resourceGroups/Default-MySql-ChinaNorth/providers/Microsoft.MySql/servers/poddbtest/databases/kevintest?api-version=&#39;.$version;
$ch = curl_init($url);
$data = array(
&#39;properties&#39; => array(
&#39;charset&#39; => &#39;utf8&#39;,
&#39;collation&#39; => &#39;utf8_general_ci&#39;
),
);
$json = json_encode($data);

curl_setopt_array($ch, array(
CURLOPT_VERBOSE => 1,
CURLOPT_CUSTOMREQUEST => &#39;PUT&#39;,
CURLOPT_POSTFIELDS => $json,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_HTTPHEADER => array(
&#39;Content-type:application/json&#39;,
&#39;Authorization:Bearer &#39;.$token
)
));

$ret =curl_exec($ch);
if (empty($ret)) {
    // some kind of an error happened
    echo &#39;Curl error: &#39; . curl_error($ch);
} else {
    $info = curl_getinfo($ch);
}
echo "\n";
Copy after login

The above is the detailed content of How to get Azure Active Directory token functionality via PHP. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template