How to get Azure Active Directory token using PHP

When calling the Azure Rest API, if it is an API belonging to Azure Resource Manager, you need to use Azure Active Directory (Azure AD) authentication to obtain a token (Token) before you can access it.

The following are the steps to create an Azure AD application and authorize it to access resources that manage Azure:

For a better reading experience, you can also click here.

Note

The following authentication methods are only applicable to Azure Resource Manager API. That is, the API with the endpoint management.chinacloudapi.cn is not applicable to the API of Azure Service Manager (the API with the endpoint management.core.chinacloudapi.cn).

Log in to your Azure account (PowerShell)

# # Record the obtained TenantID for subsequent use.

Select the current subscription ID

Set the current subscription. This step needs to be performed in a multi-subscription environment:

Set-AzureRmContext -SubscriptionId <subscription ID>

Create AD application

View new The created application object and attribute ApplicationId will be used to create service credentials, role settings and Access Token later.

$azureAdApplication = New-AzureRmADApplication -DisplayName "exampleapp" -HomePage "https://www.contoso.org" -IdentifierUris "https://www.contoso.org/example" -Password "<Your_Password>"

Create Service Credentials

Azure AD App Create Service Credentials:

New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId

When created After completing the service credentials, there is no permission initially. We need to set the permission scope for it.

Authorization

Add role settings for your service credentials. In this example, set read permissions for your service credentials to access all resources under your subscription. If you want to learn more, please refer to: Azure Role-based Access Control.

New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId

RoleDefinitionName has three permission settings:

1. Reader has read permissions for Azure resources.

2. Contributor has administrative rights to Azure resources, but cannot authorize others.

3. Owner has management rights to Azure resources and can also authorize others to manage them.

　

Call the Oauth2 API to obtain the Token

In this way, the Azure AD Application is created. We can use the following three pieces of information to Get the authentication Token.

1. telent-id corresponds to the telentID used in subscription information.

2. application-id ApplicationID returned by creating the application.

3. app password The password filled in when creating the application.

To obtain the Token, use the authentication interface of Azure login oauth2. If you want to know more, please refer to this document: Using the Azure Resource Manager REST API.

Please refer to the following code:

$tenlent_id = 'Your Sub Tenlent ID';
$client_id = 'Application ID';
$client_secret = 'Application Password';

$auth_url = 'https://login.chinacloudapi.cn/'.$tenlent_id.'/oauth2/token?api-version=1.0';
$auth = curl_init($auth_url);
$post_data= 'grant_type=client_credentials&resource=https://management.chinacloudapi.cn/&client_id='.$client_id.'&client_secret='.urlencode($client_secret);

curl_setopt_array($auth, array(
CURLOPT_VERBOSE => 1,
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => $post_data,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_HTTPHEADER => array(
'Content-Type: application/x-www-form-urlencoded'
)
));
curl_exec($atuh);
echo "\n";

After executing the query, you will get the Token data, and access_token is the access Token.

{
"token_type": "Bearer",
"expires_in": "3600",
"expires_on": "1455680701",
"not_before": "1455676801",
"resource": "https://management.azure.com/",
"access_token": "eyJ0eXAiOi…"
}

Then add the Authorization Header setting to the header of the API request you want to access, and set its value to:

Token needs to be added before On Bearer.

Call example:

$token = 'eyJ0eXA…';
$host = 'management.chinacloudapi.cn';
$version = '2015-09-01';
$url = 'https://'.$host.'/subscriptions/5bbf0cbb-647d-4bd8-b4e6-26629f109bd7/resourceGroups/Default-MySql-ChinaNorth/providers/Microsoft.MySql/servers/poddbtest/databases/kevintest?api-version='.$version;
$ch = curl_init($url);
$data = array(
'properties' => array(
'charset' => 'utf8',
'collation' => 'utf8_general_ci'
),
);
$json = json_encode($data);

curl_setopt_array($ch, array(
CURLOPT_VERBOSE => 1,
CURLOPT_CUSTOMREQUEST => 'PUT',
CURLOPT_POSTFIELDS => $json,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_HTTPHEADER => array(
'Content-type:application/json',
'Authorization:Bearer '.$token
)
));

$ret =curl_exec($ch);
if (empty($ret)) {
    // some kind of an error happened
    echo 'Curl error: ' . curl_error($ch);
} else {
    $info = curl_getinfo($ch);
}
echo "\n";

The above is the detailed content of How to get Azure Active Directory token using PHP. For more information, please follow other related articles on the PHP Chinese website!