PHP Api for Azure AD tenant/User Count

I am trying to write some billing scripts to count the tenants/users in our partner account with Microsoft Azure AD. I am at the authorization step.

I have tried multiple docs from Microsoft, but none of them have got me going in the right direction.

If I send the below (where tenant is the id I see in the properties page on the Azure portal), I get url not found. From this Doc

GET https://login.microsoftonline.com/{tenant}/adminconsent
?client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=https://localhost/myapp/permissions

I have registered the app in the Azure portal.

In other various attempts, I am seeing the concept of a redirect-url. I don't have one and don't want one. My scripts will connect to the Azure API, count tenants/users, then disconnect. I am probably way off, and probably get -1,000,000 for this question, but I just can't seem to get to the docs to help me get started.

EDIT:

I am not expecting a redirect. In essence I envision:

script -> AAD (sends token request)

AAD -> script (sends back token)

script2 -> AAD (sends api call to count users with token)

Here is the general approach to your task (just skip steps you've already performed):

  1. Register a new Azure AD application with the Web app / API application type (in a new App registrations blade just set its Redirect URI as http://localhost). Write down its Application (client) ID ( $client_id );
  2. Generate and write down a new Client secret for it ( $client_secret );
  3. Give it the following API permission: API – Microsoft Graph, Permission – Directory.Read.All (Application permission). Grant admin consent;
  4. Make the POST request:

    • URL: https://login.microsoftonline.com/{yourtenantname}.onmicrosoft.com/oauth2/v2.0/token
    • Body:
     { "grant_type": "client_credentials", "client_id": $client_id, "client_secret": $client_secret, "scope": "https://graph.microsoft.com/.default" } 
  5. Successful response will contain JWT token in the 'access_token' property, get it ( $access_token );
  6. Now you can make Graph API calls using this access token. For example, this GET request will return you the list of users (top 100 of them, to be exact. If there are more, you could add ?$top=999 query parameter, and if there are more than 1000, you'll probably want to use paging):

     { "Authorization": "Bearer $token", "Content-Type": "application/json" } 

Hope it helps.
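
The flow in steps 4 to 6, as an added PHP example that is not part of the original answer: it sends the step 4 fields as a form-encoded POST body, then follows `@odata.nextLink` to count every user. The Graph URL `https://graph.microsoft.com/v1.0/users`, the `AAD_CLIENT_SECRET` environment variable, the tenant name and the stubbed responses are assumptions or constructed values, not taken from the page.

```php
<?php
// Added example, not the answerer's code. Requires PHP 7.4+ with the cURL extension.
// One HTTP request via cURL; returns the decoded JSON body.
function httpJson(string $url, array $headers = [], ?array $form = null): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => $headers, CURLOPT_TIMEOUT => 30]);
    if ($form !== null) { // a string body is POSTed as application/x-www-form-urlencoded
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($form));
    }
    $body = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($body === false || $code >= 400) {
        // Report only status and host so the secret and token never reach logs.
        throw new RuntimeException("HTTP $code from " . parse_url($url, PHP_URL_HOST));
    }
    return json_decode($body, true, 512, JSON_THROW_ON_ERROR);
}

// Steps 4-5: client-credentials grant; no redirect or signed-in user is involved.
function getAppToken(callable $http, string $tenant, string $id, string $secret): string {
    $res = $http("https://login.microsoftonline.com/$tenant/oauth2/v2.0/token", [], [
        'grant_type'    => 'client_credentials',
        'client_id'     => $id,
        'client_secret' => $secret,
        'scope'         => 'https://graph.microsoft.com/.default',
    ]);
    return $res['access_token'];
}

// Step 6: count users page by page until Graph stops returning @odata.nextLink.
function countUsers(callable $http, string $token): int {
    $url = 'https://graph.microsoft.com/v1.0/users?$select=id&$top=999';
    $count = 0;
    while ($url !== null) {
        $page = $http($url, ["Authorization: Bearer $token"]);
        $count += count($page['value'] ?? []);
        $url = $page['@odata.nextLink'] ?? null;
    }
    return $count;
}

// Offline demo with constructed responses; pass 'httpJson' instead of $stub for real calls.
$next = 'https://graph.microsoft.com/v1.0/users?$skiptoken=constructed';
$pages = [
    'https://graph.microsoft.com/v1.0/users?$select=id&$top=999' => ['value' => array_fill(0, 999, ['id' => 'x']), '@odata.nextLink' => $next],
    $next => ['value' => array_fill(0, 204, ['id' => 'x'])],
];
$stub = fn(string $u, array $h = [], ?array $form = null): array => $form !== null ? ['access_token' => 'constructed'] : $pages[$u];
// AAD_CLIENT_SECRET is a hypothetical variable name; keep the secret out of source control.
$token = getAppToken($stub, 'yourtenantname.onmicrosoft.com', 'your-client-id', getenv('AAD_CLIENT_SECRET') ?: '');
echo countUsers($stub, $token), " users\n";
```

Directory.Read.All as an application permission lets this script read the whole directory, so store the client secret like any other privileged credential and rotate it on a schedule.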
