Home > Article > Backend Development > Detailed example of how php obtains Azure Active Directory token
When calling the Azure Rest API, if it is an API belonging to Azure Resource Manager, you need to use Azure Active Directory (Azure AD) authentication to obtain a token (Token) before you can access it.
The following are the steps to create an Azure AD application and authorize it to access resources that manage Azure:
For a better reading experience, you can also click here.
Note
The following authentication methods are only applicable to Azure Resource Manager API. That is, the API with the endpoint management.chinacloudapi.cn
is not applicable to the API of Azure Service Manager (the API with the endpoint management.core.chinacloudapi.cn
).
Log in to your Azure account (PowerShell)
##Record the obtained TenantID for subsequent use. Select the current subscription IDSet the current subscription. This step needs to be performed in a multi-subscription environment:
Set-AzureRmContext -SubscriptionId <subscription ID>Create AD applicationView the newly created application object and the attribute ApplicationId, which will be used to create service credentials, role settings and Access Token later.
$azureAdApplication = New-AzureRmADApplication -DisplayName "exampleapp" -HomePage "https://www.contoso.org" -IdentifierUris "https://www.contoso.org/example" -Password "<Your_Password>"Create Service CredentialsAzure AD Application Create Service Credentials:
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationIdAfter the service credential is created, it does not have any permissions initially. We need to set the permission scope for it. AuthorizationAdd role settings for your service credentials. In this example, set read permissions for your service credentials to access all resources under your subscription. If you want to learn more, please refer to: Azure Role-based Access Control.
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationIdThere are three permission settings for
RoleDefinitionName:
$tenlent_id = 'Your Sub Tenlent ID'; $client_id = 'Application ID'; $client_secret = 'Application Password'; $auth_url = 'https://login.chinacloudapi.cn/'.$tenlent_id.'/oauth2/token?api-version=1.0'; $auth = curl_init($auth_url); $post_data= 'grant_type=client_credentials&resource=https://management.chinacloudapi.cn/&client_id='.$client_id.'&client_secret='.urlencode($client_secret); curl_setopt_array($auth, array( CURLOPT_VERBOSE => 1, CURLOPT_POST => 1, CURLOPT_POSTFIELDS => $post_data, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_HTTPHEADER => array( 'Content-Type: application/x-www-form-urlencoded' ) )); curl_exec($atuh); echo "\n";After executing the query, you will get the Token data, and access_token is the access Token.
{ "token_type": "Bearer", "expires_in": "3600", "expires_on": "1455680701", "not_before": "1455676801", "resource": "https://management.azure.com/", "access_token": "eyJ0eXAiOi…" }Then add the Authorization Header setting to the API request you want to access, and set its value to: Bearer must be added before Token. Call example:
$token = 'eyJ0eXA…'; $host = 'management.chinacloudapi.cn'; $version = '2015-09-01'; $url = 'https://'.$host.'/subscriptions/5bbf0cbb-647d-4bd8-b4e6-26629f109bd7/resourceGroups/Default-MySql-ChinaNorth/providers/Microsoft.MySql/servers/poddbtest/databases/kevintest?api-version='.$version; $ch = curl_init($url); $data = array( 'properties' => array( 'charset' => 'utf8', 'collation' => 'utf8_general_ci' ), ); $json = json_encode($data); curl_setopt_array($ch, array( CURLOPT_VERBOSE => 1, CURLOPT_CUSTOMREQUEST => 'PUT', CURLOPT_POSTFIELDS => $json, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_HTTPHEADER => array( 'Content-type:application/json', 'Authorization:Bearer '.$token ) )); $ret =curl_exec($ch); if (empty($ret)) { // some kind of an error happened echo 'Curl error: ' . curl_error($ch); } else { $info = curl_getinfo($ch); } echo "\n";
The above is the detailed content of Detailed example of how php obtains Azure Active Directory token. For more information, please follow other related articles on the PHP Chinese website!