PHP Api for Azure AD tenant/User Count
Question
I am trying to write some billing scripts to count the tenants/users in our partner account with microsoft azure AD. I am at the authorization step.
I have tried multiple docs from microsoft, but none of them have got me going in the right direction.
If i send the below, (where tenant is the id i see in the properties page on azure portal) I get url not found. From this Doc
GET https://login.microsoftonline.com/{tenant}/adminconsent
?client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=https://localhost/myapp/permissions
I have registered the app in the azure portal.
In other various attempts, I am seeing the concept of a redirect-url. I don't have one and don't want one. My scripts will connect to azure api, count tenants/users, then disconnect. I am probably way off, and probably get -1,000,000 for this question, but i just cant seem to get to the docs to help me get started.
EDIT:
I am not expecting a redirect. In essence i envision:
script -> AAD (sends token request)
AAD -> script (sends back token)
script2 -> AAD (sends api call to count users with token)
1 answers
solution1
1 ACCPTED 2019-06-25 15:07:44
Here is the general approach to your task (just skip steps you've already performed):
- Register a new Azure AD application with the Web app / API application type (in a new App registrations blade just set it's Redirect URI as http://localhost ) . Write down its Application (client) ID ( $client_id );
- Generate and write down a new Client secret for it ( $client_secret );
- Give it the following API permission: API – Microsoft Graph, Permission – Directory.Read.All (Application permission). Grant admin consent:
Make the POST request:
- URL: https://login.microsoftonline.com/ {yourtenantname}.onmicrosoft.com/oauth2/v2.0/token
- Body:
{ "grant_type": "client_credentials", "client_id": $client_id, "client_secret": $client_secret, "scope": "https://graph.microsoft.com/.default" }- Successful response will contain JWT token in the 'access_token' property, get it ( $access_token );
Now you can make Graph API calls using this access token. For example, this GET request will return you the list of users (top 100 of them, to be exact. If there are more, you could add
?$top=999query parameter, and if there are more than 1000, you'll probably want to use paging ):- URL: https://graph.microsoft.com/v1.0/users
- Headers:
{ "Authorization": "Bearer $token", "Content-Type": "application/json" }
Hope it helps.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.