Home >Backend Development >PHP Tutorial >How to get Azure Active Directory token using PHP
When calling the Azure Rest API, if it is an API belonging to Azure Resource Manager, you need to use Azure Active Directory (Azure AD) authentication to obtain a token (Token) before you can access it.
The following are the steps to create an Azure AD application and authorize it to access resources that manage Azure:
For a better reading experience, you can also click here.
Note
The following authentication methods are only applicable to Azure Resource Manager API. That is, the API with the endpoint management.chinacloudapi.cn
is not applicable to the API of Azure Service Manager (the API with the endpoint management.core.chinacloudapi.cn
).
Log in to your Azure account (PowerShell)
# # Record the obtained TenantID for subsequent use.
Set-AzureRmContext -SubscriptionId <subscription ID>Create AD applicationView new The created application object and attribute ApplicationId will be used to create service credentials, role settings and Access Token later.
$azureAdApplication = New-AzureRmADApplication -DisplayName "exampleapp" -HomePage "https://www.contoso.org" -IdentifierUris "https://www.contoso.org/example" -Password "<Your_Password>"Create Service CredentialsAzure AD App Create Service Credentials:
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationIdWhen created After completing the service credentials, there is no permission initially. We need to set the permission scope for it.
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApplication.ApplicationId
RoleDefinitionName has three permission settings:
$tenlent_id = 'Your Sub Tenlent ID'; $client_id = 'Application ID'; $client_secret = 'Application Password'; $auth_url = 'https://login.chinacloudapi.cn/'.$tenlent_id.'/oauth2/token?api-version=1.0'; $auth = curl_init($auth_url); $post_data= 'grant_type=client_credentials&resource=https://management.chinacloudapi.cn/&client_id='.$client_id.'&client_secret='.urlencode($client_secret); curl_setopt_array($auth, array( CURLOPT_VERBOSE => 1, CURLOPT_POST => 1, CURLOPT_POSTFIELDS => $post_data, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_HTTPHEADER => array( 'Content-Type: application/x-www-form-urlencoded' ) )); curl_exec($atuh); echo "\n";After executing the query, you will get the Token data, and access_token is the access Token.
{ "token_type": "Bearer", "expires_in": "3600", "expires_on": "1455680701", "not_before": "1455676801", "resource": "https://management.azure.com/", "access_token": "eyJ0eXAiOi…" }Then add the Authorization Header setting to the header of the API request you want to access, and set its value to: Token needs to be added before On Bearer. Call example:
$token = 'eyJ0eXA…'; $host = 'management.chinacloudapi.cn'; $version = '2015-09-01'; $url = 'https://'.$host.'/subscriptions/5bbf0cbb-647d-4bd8-b4e6-26629f109bd7/resourceGroups/Default-MySql-ChinaNorth/providers/Microsoft.MySql/servers/poddbtest/databases/kevintest?api-version='.$version; $ch = curl_init($url); $data = array( 'properties' => array( 'charset' => 'utf8', 'collation' => 'utf8_general_ci' ), ); $json = json_encode($data); curl_setopt_array($ch, array( CURLOPT_VERBOSE => 1, CURLOPT_CUSTOMREQUEST => 'PUT', CURLOPT_POSTFIELDS => $json, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_HTTPHEADER => array( 'Content-type:application/json', 'Authorization:Bearer '.$token ) )); $ret =curl_exec($ch); if (empty($ret)) { // some kind of an error happened echo 'Curl error: ' . curl_error($ch); } else { $info = curl_getinfo($ch); } echo "\n";
The above is the detailed content of How to get Azure Active Directory token using PHP. For more information, please follow other related articles on the PHP Chinese website!