
Create Azure AD user by tenant and app ID

How can I create a user by client secrets in Azure AD with PHP?

I need an access token in the code below to create a user. To have this token I need to log in first. How can I create a user automatically without any login?

// $accessToken must already hold a valid Microsoft Graph access token
$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => '{
        "accountEnabled": true,
        "displayName": "Adele Vance",
        "userPrincipalName": "adelev2@xxx.net",
        "passwordProfile": {
            "forceChangePasswordNextSignIn": true,
            "password": "xWwvJ]6NMw+bWH-d"
        }
    }',
    CURLOPT_HTTPHEADER => array(
        "Authorization: Bearer $accessToken",
        "Content-Type: application/json"
    ),
));

You can refer to this sample, which uses a daemon that does not require user login, and uses the client credential flow to obtain an access token to call the MS Graph API to create a user. You need to grant User.ReadWrite.All application permissions for the application.


With special thanks to Carl, who provided useful links, I did it by using the two functions below:

I receive a token by calling the getToken function and use it in getToken to create a user without any previous login.


function getToken() {

    $dir = env('OAUTH_DIR_ID');              // tenant (directory) ID
    $clientId = env('OAUTH_APP_ID');         // application (client) ID
    $secretKey = env('OAUTH_APP_PASSWORD');  // client secret

    $curl = curl_init();

    curl_setopt_array($curl, array(
        CURLOPT_URL => "https://login.microsoftonline.com/$dir/oauth2/v2.0/token",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => '',
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 0,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => 'POST',
        // http_build_query() URL-encodes each value, so a secret that
        // contains '+', '&' or '=' is sent intact.
        CURLOPT_POSTFIELDS => http_build_query(array(
            'client_id' => $clientId,
            'scope' => 'https://graph.microsoft.com/.default',
            'client_secret' => $secretKey,
            'grant_type' => 'client_credentials',
        )),
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/x-www-form-urlencoded',
        ),
    ));

    $response = curl_exec($curl);

    curl_close($curl);

    // Return the token to the caller instead of echoing the raw response,
    // which would write the bearer token to the page output.
    $data = json_decode((string) $response, true);
    return $data['access_token'] ?? null;

}

function addUser($accessToken)
{
    try {

        $curl = curl_init();
        
        curl_setopt_array($curl, array(
          CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users',
          CURLOPT_RETURNTRANSFER => true,
          CURLOPT_ENCODING => '',
          CURLOPT_MAXREDIRS => 10,
          CURLOPT_TIMEOUT => 0,
          CURLOPT_FOLLOWLOCATION => true,
          CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
          CURLOPT_CUSTOMREQUEST => 'POST',
          CURLOPT_POSTFIELDS =>'{
                  "accountEnabled": true,
                  "displayName": "Adele Vance",                  
                  "userPrincipalName": "adelev2@yoed.net",
                  "passwordProfile" : {
                    "forceChangePasswordNextSignIn": true,
                    "password": "xWwvJ]6NMw+bWH-d"
          }
        }',
          CURLOPT_HTTPHEADER => array(
            "Authorization: Bearer $accessToken",
            "Content-Type: application/json"
          ),
        ));
        
        $response = curl_exec($curl);
        
        curl_close($curl);
        
        var_dump($response); // Debug print
        exit();
        
        
    } catch (Error $ex) {
        $home = env('APP_URL');
        // URL-encode the message so it cannot alter the redirect URL's query string
        header("Location: $home/signin.php?err=" . urlencode($ex->getMessage()));
        die();
    }
}
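
As an added example (not code from the original post or from Microsoft), the request bodies for the two calls above can be built with proper encoding, the token response checked before use, and the initial password generated instead of hard-coded. The function names, the sample secret, the `app-id-placeholder` value and the `Aa1-` password prefix are assumptions for illustration; `mailNickname` is not in the post's payload but is a property Microsoft Graph documents as required when creating a user.

```php
<?php
// Added example; function names and sample values are hypothetical.
// Form body for the client-credentials token request. http_build_query()
// percent-encodes each value, so '+', '&' or '=' in the secret arrive intact.
function buildTokenRequestBody(string $clientId, string $clientSecret): string
{
    return http_build_query([
        'client_id'     => $clientId,
        'scope'         => 'https://graph.microsoft.com/.default',
        'client_secret' => $clientSecret,
        'grant_type'    => 'client_credentials',
    ]);
}

// Return the access token from a token-endpoint response body, or throw.
function parseTokenResponse(string $body): string
{
    $data = json_decode($body, true);
    if (!is_array($data) || isset($data['error'])) {
        // Report only the error code; never echo the body (it may hold a token).
        $code = json_encode($data['error'] ?? 'non-JSON body');
        throw new RuntimeException("Token request failed: $code");
    }
    if (!is_string($data['access_token'] ?? null)) {
        throw new RuntimeException('Token response has no access_token');
    }
    return $data['access_token'];
}

// JSON body for POST /v1.0/users with a random one-time password.
function buildUserBody(string $displayName, string $upn): string
{
    // 18 random bytes as base64url; fixed prefix (an assumption) ensures mixed character classes.
    $random = rtrim(strtr(base64_encode(random_bytes(18)), '+/', '-_'), '=');
    return json_encode([
        'accountEnabled'    => true,
        'displayName'       => $displayName,
        'mailNickname'      => explode('@', $upn)[0],
        'userPrincipalName' => $upn,
        'passwordProfile'   => ['forceChangePasswordNextSignIn' => true, 'password' => "Aa1-$random"],
    ], JSON_THROW_ON_ERROR);
}

// Constructed secret: raw interpolation as in the post splits it at '&' and
// decodes '+' as a space; the encoded body round-trips it unchanged.
$secret = 'p+q&r=s';
parse_str("client_secret=$secret", $raw);
parse_str(buildTokenRequestBody('app-id-placeholder', $secret), $encoded);
var_dump($raw['client_secret'] === $secret, $encoded['client_secret'] === $secret);
```

The generated password has to reach the new user over a separate channel, and `forceChangePasswordNextSignIn` then replaces it at first sign-in.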
