
What is the correct way to connect a second 'static' Azure office365 account without needing to login (credentials already given)?

The company that I work for is a very large one with 5000+ employees. Because of that, we have licenses with Azure and all our emails and servers run on their platform. I've built an application for our internal business (intranet). This application uses SSO to log in our users and block external users that are not in our tenant. The board came to me, asking if we could use one global e-mail account to manage all company events and announcements via the calendar. I've searched for a while now (3 weeks) and could not find anything related to what I am about to do (in PHP).

I need a connection with Microsoft Graph via PHP that automatically logs the 'statically' given e-mail address in and spits out all the calendar events between 2 dates. The Microsoft Graph API is full of previews of this but it is all written for 'public' e-mail addresses and not the more secure Azure ones.

I have the connection set with a Bearer token but that returns expired by default.

What I have so far:

// $tenantid, $clientid and $clientsecret are set elsewhere.
$tenantAppUrl = "https://login.microsoftonline.com/" . $tenantid;
$tenantHostUrl = "login.microsoftonline.com";
$requesturl = "https://login.microsoftonline.com/" . $tenantid . "/oauth2/token?api-version=1.6";

// App-only (client credentials) token request parameters
$post_params = array(
   "client_id" => $clientid,
   "client_secret" => $clientsecret,
   "resource" => "https://graph.windows.net/",
   "grant_type" => "client_credentials"
);
$headers = array(
   "POST: " . $tenantAppUrl . " HTTP/1.1",
   "Content-Type: application/x-www-form-urlencoded",
   "Host: " . $tenantHostUrl,
   "cache-control: no-cache",
   'Content-Length: ' . strlen(json_encode($post_params))
);

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $requesturl);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// A non-empty value for CURLOPT_HEADER makes cURL include the response headers in the output.
curl_setopt($curl, CURLOPT_HEADER, $headers);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_params);
$response = json_decode(curl_exec($curl), false);

curl_close($curl);

The above returns a Bearer token that expired 2 hours ago.

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
x-ms-request-id: 2f26979b-c336-44a3-a9c9-d4d785758c00
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: fpc=AsIZpMH6undMozQVDrbmPxTWEVd_AQAAAEeKP9QOAAAA; expires=Fri, 10-May-2019 06:55:04 GMT; path=/; secure; HttpOnly
Set-Cookie: x-ms-gateway-slice=prod; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=ests; path=/; secure; HttpOnly
Date: Wed, 10 Apr 2019 06:55:03 GMT
Content-Length: 1448

{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"3599","expires_on":"1554882904","not_before":"1554879004","resource":"https://graph.windows.net/","access_token":"<thetoken>"}

I expect a Bearer token that should be valid for at least 2 hours, but instead it returns one that expired 2 hours ago.

Why is this token expired and how do I use the 'renew'/'JWT' protocol in PHP to extend its usage to 1 month or more?

Keep in mind, this account will not be logged in by anyone. It needs to happen automatically. (The credentials have been (securely) saved within the intranet admin environment.)

And how do I get all the calendar events between 2 dates for Azure accounts? The URL below is also described for 'public' e-mail addresses.

https://docs.microsoft.com/en-us/graph/api/calendar-list-calendarview?view=graph-rest-1.0

To determine the token lifetime, either the expires_in or the expires_on parameter value could be utilized, per the documentation:

  • expires_in: How long the access token is valid (in seconds).
  • expires_on: The time when the access token expires. The date is represented as the number of seconds from 1970-01-01T0:0:0Z UTC until the expiration time. This value is used to determine the lifetime of cached tokens.

In your example, the response from the /token endpoint says the token will expire after 3599 seconds, or at 2019-04-10 07:55:04 (in UTC by design).

To get a local expiration time, set DateTime::setTimezone (List of Supported Timezones) as demonstrated below:

$expiredOn = DateTime::createFromFormat( 'U', $token->expires_on, new DateTimeZone('UTC'));
$expiredOn->setTimeZone(new DateTimeZone('Europe/Helsinki'));
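
The expiry check described in this answer, as an added example that is not part of the original question or answer: it reads expires_on as UTC epoch seconds, formats it for a local zone for display only, and decides on renewal by comparing epoch values. The function names, the 300-second margin and the $fetch callback (standing in for a repeat of the client_credentials request) are assumptions, and the sample response is constructed from the fields shown in the question. It needs PHP 7.4 or later.

```php
<?php
declare(strict_types=1);
// Added example, not code from the question or the answer.

/** Decode a /token response and describe its expiry relative to $now (epoch seconds). */
function describeExpiry(string $json, int $now, string $localTz, int $margin = 300): array
{
    $t = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($t) || !isset($t['access_token'], $t['expires_on'])
        || !ctype_digit((string) $t['expires_on'])) {
        throw new UnexpectedValueException('not a usable token response');
    }
    $expiresOn = (int) $t['expires_on'];
    // '@<epoch>' always yields UTC, whatever date.timezone is set to.
    $utc = new DateTimeImmutable('@' . $expiresOn);
    $local = $utc->setTimezone(new DateTimeZone($localTz));
    return [
        'access_token'  => $t['access_token'],
        'expires_utc'   => $utc->format('Y-m-d H:i:s P'),
        'expires_local' => $local->format('Y-m-d H:i:s P'),
        'seconds_left'  => $expiresOn - $now,
        // Decide on epoch seconds only; the formatted times are for display.
        'needs_renewal' => $expiresOn - $now <= $margin,
    ];
}

/** Reuse the cached response while it is valid; otherwise call $fetch (hypothetical). */
function currentToken(?string $cachedJson, callable $fetch, int $now, string $tz): array
{
    if ($cachedJson !== null) {
        $info = describeExpiry($cachedJson, $now, $tz);
        if (!$info['needs_renewal']) {
            return $info;
        }
    }
    return describeExpiry($fetch(), $now, $tz);
}

// Constructed sample: fields from the question's response, token as a placeholder.
$sample = '{"token_type":"Bearer","expires_in":"3599","expires_on":"1554882904",'
        . '"not_before":"1554879004","access_token":"<thetoken>"}';
$issuedAt = 1554879303; // the response's Date header: Wed, 10 Apr 2019 06:55:03 GMT
$later = $issuedAt + 3500; // shortly before expiry
// Constructed stand-in for repeating the client_credentials request.
$fetch = fn (): string => json_encode(['access_token' => '<newtoken>', 'expires_on' => (string) ($later + 3599)]);

foreach ([describeExpiry($sample, $issuedAt, 'Europe/Helsinki'), currentToken($sample, $fetch, $later, 'Europe/Helsinki')] as $i) {
    printf("%s | %s | left=%d | renew=%s\n", $i['expires_utc'], $i['expires_local'], $i['seconds_left'], var_export($i['needs_renewal'], true));
}
```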
