|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Metrogistics\AzureSocialite; |
|
4
|
|
|
|
|
5
|
|
|
class AzureActiveDirectory |
|
6
|
|
|
{ |
|
7
|
|
|
// Tenant name something.onmicrosoft.com |
|
8
|
|
|
public $tenantName = ''; |
|
9
|
|
|
// Azure AD base url to use |
|
10
|
|
|
public $baseUrl = 'https://login.microsoftonline.com'; |
|
11
|
|
|
// Azure AD version |
|
12
|
|
|
public $version = 'v2.0'; |
|
13
|
|
|
// .well-known/openid-config |
|
14
|
|
|
public $wellKnownOpenIdConfig = '.well-known/openid-configuration'; |
|
15
|
|
|
// URL to download the latest openid config |
|
16
|
|
|
public $openIdConfigUrl = ''; |
|
17
|
|
|
// Contents of the openid config assoc array parsed from json |
|
18
|
|
|
public $openIdConfig = []; |
|
19
|
|
|
// AAD authorization endpoint |
|
20
|
|
|
public $authorizationEndpoint = ''; |
|
21
|
|
|
// AAD token endpoint |
|
22
|
|
|
public $tokenEndpoint = ''; |
|
23
|
|
|
// AAD logout endpoint |
|
24
|
|
|
public $endSessionEndpoint = ''; |
|
25
|
|
|
|
|
26
|
|
|
public function __construct($tenantName = 'common') |
|
27
|
|
|
{ |
|
28
|
|
|
$this->setTenantName($tenantName); |
|
29
|
|
|
$this->parseOpenIdConfig(); |
|
30
|
|
|
} |
|
31
|
|
|
|
|
32
|
|
|
public function setTenantName($tenantName) |
|
33
|
|
|
{ |
|
34
|
|
|
// IF we are not using the common tenant |
|
35
|
|
|
if ($tenantName != 'common') { |
|
36
|
|
|
// Make sure the tenant is formatted like xyzcorp.onmicrosoft.com |
|
37
|
|
|
$regex = '/\.onmicrosoft\.com/'; |
|
38
|
|
|
if (! preg_match($regex, $tenantName, $hits)) { |
|
39
|
|
|
// Append the suffix if it is missing |
|
40
|
|
|
$tenantName .= '.onmicrosoft.com'; |
|
41
|
|
|
} |
|
42
|
|
|
} |
|
43
|
|
|
$this->tenantName = $tenantName; |
|
44
|
|
|
} |
|
45
|
|
|
|
|
46
|
|
|
public function buildOpenIdConfigUrl() |
|
47
|
|
|
{ |
|
48
|
|
|
$this->openIdConfigUrl = $this->baseUrl.'/' |
|
49
|
|
|
.$this->tenantName.'/' |
|
50
|
|
|
.$this->version.'/' |
|
51
|
|
|
.$this->wellKnownOpenIdConfig; |
|
52
|
|
|
} |
|
53
|
|
|
|
|
54
|
|
|
public function downloadOpenIdConfig() |
|
55
|
|
|
{ |
|
56
|
|
|
$this->buildOpenIdConfigUrl(); |
|
57
|
|
|
$guzzle = new \GuzzleHttp\Client(); |
|
58
|
|
|
$response = $guzzle->get($this->openIdConfigUrl); |
|
59
|
|
|
$json = $response->getBody(); |
|
60
|
|
|
$this->openIdConfig = json_decode($json, true); |
|
61
|
|
|
} |
|
62
|
|
|
|
|
63
|
|
|
public function parseOpenIdConfig() |
|
64
|
|
|
{ |
|
65
|
|
|
$this->downloadOpenIdConfig(); |
|
66
|
|
|
$this->authorizationEndpoint = $this->openIdConfig['authorization_endpoint']; |
|
67
|
|
|
$this->tokenEndpoint = $this->openIdConfig['token_endpoint']; |
|
68
|
|
|
$this->endSessionEndpoint = $this->openIdConfig['end_session_endpoint']; |
|
69
|
|
|
} |
|
70
|
|
|
|
|
71
|
|
|
public function getApplicationAccessToken($clientId, $clientSecret) |
|
72
|
|
|
{ |
|
73
|
|
|
$guzzle = new \GuzzleHttp\Client(); |
|
74
|
|
|
$url = $this->tokenEndpoint; |
|
75
|
|
|
$parameters = [ |
|
76
|
|
|
'form_params' => [ |
|
77
|
|
|
'scope' => 'https://graph.microsoft.com/.default', |
|
78
|
|
|
'grant_type' => 'client_credentials', |
|
79
|
|
|
'client_id' => $clientId, |
|
80
|
|
|
'client_secret' => $clientSecret), |
|
|
|
|
|
|
81
|
|
|
], |
|
82
|
|
|
]; |
|
83
|
|
|
$response = $guzzle->post($url, $parameters); |
|
84
|
|
|
$responseObject = json_decode($response->getBody()); |
|
85
|
|
|
return $responseObject->access_token; |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
} |
|
89
|
|
|
|
metaclassing /
PHP7-Laravel5-EnterpriseAuth
Loading history...