Getting user details with Azure Auth MFA - multi-factor authentication

Time: 2021-04-07 08:07:26

Tags: php azure-active-directory azure-web-app-service

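I am trying to use Azure Auth MFA for my PHP application. Everything seems to work fine, and when I echo $result at the end of the script it returns True. But how do I get the user details from here, such as the user's login ID and AD ID?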

I tried the client principal name, but it does not return anything.

            $request_headers[] = 'X-MS-CLIENT-PRINCIPAL-NAME';

PFB the complete code

            if (!isset($_GET['code'])) {
            
                $authUrl = "https://login.microsoftonline.com/iaddtenanidhere/oauth2/authorize?";
                $authUrl .= "client_id=iaddclientidhere";
                $authUrl .= "&response_type=code";
                $authUrl .= "&redirect_uri=https%3A%2F%2Fkeralapitbulls.com%2F";
                $authUrl .= "&response_mode=query";
                $authUrl .= "&resource=https%3A%2F%2Fgraph.microsoft.com%2F";
                $authUrl .= "&state=12345";
                header('Location: '.$authUrl);
                exit;
                
                
                } else if(isset($_GET['code'])){
                
                
                $accesscode = $_GET['code'];
                $ch = curl_init();
                curl_setopt($ch, CURLOPT_URL,"https://login.microsoftonline.com/common/oauth2/token");
                curl_setopt($ch, CURLOPT_POST, 1);
                $client_id = "iaddclientidhere";
                $client_secret = "iaddkeyhere";
                curl_setopt($ch, CURLOPT_POSTFIELDS,
                "grant_type=authorization_code&client_id=".$client_id."&redirect_uri=https%3A%2F%2Fkeralapitbulls.com%2F&resource=https%3A%2F%2Fgraph.microsoft.com%2F&code=".$accesscode."&client_secret=".urlencode($client_secret));
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                $server_output = curl_exec ($ch);
                curl_close ($ch);
                $jsonoutput = json_decode($server_output, true);
                
                /* print_r($jsonoutput);
                jsonoutput prints fine */
                
                $bearertoken = $jsonoutput['access_token'];
                $url = "graph.microsoft.com";
                $ch = curl_init($url);
                $User_Agent = 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31';
                $request_headers = array();
                $request_headers[] = 'User-Agent: '. $User_Agent;
                $request_headers[] = 'Accept: application/json';
                $request_headers[] = 'Authorization: Bearer '. $bearertoken;
                
                // $request_headers[] = 'X-MS-CLIENT-PRINCIPAL-NAME'; // does not return anything
                
                curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);
                $result = curl_exec($ch);
                curl_close($ch);
                echo $result; // returns true

            }

print_r($jsonoutput) // looks fine

                Array
                (
                [token_type] => Bearer
                [scope] => User.Read
                [expires_in] => 3599
                [ext_expires_in] => 3599
                [expires_on] => 1617785679
                [not_before] => 1617781779
                [resource] => https://graph.microsoft.com/
                [access_token] => eyJ0eXAiOiJKV1QiLCJub25jZSI6IlpuczFwWHloaWUxRy more
                [refresh_token] => 0.ASUA5MSKJWoUHkGdyHmp4S_W2kF1yjPM0 more
                [id_token] => efghfghfghfgh1QiLCJub25jZSI6IlpuczFwWHloaWUxRy more
                )

1 answer:

Answer 0 (score: 1)

Actually, you can just replace $url = "graph.microsoft.com"; with "https://graph.microsoft.com/v1.0/me"; to get the user information.

Parsing the access token can also get the user details (add X-MS-CLIENT-PRINCIPAL-NAME as a request header).
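
The token response shown in the question also carries an id_token. The following is an added example, not part of the original post or answer, that reads the sign-in name, directory object ID and MFA status (the `amr` claim) from it after pinning audience, tenant and expiry. The tenant and client IDs are placeholders, the function names are hypothetical, and the sample token is constructed.

```php
<?php
declare(strict_types=1);

// Placeholders (assumptions): substitute your own tenant and application IDs.
const EXPECTED_TENANT = '00000000-0000-0000-0000-000000000001';
const EXPECTED_CLIENT = '00000000-0000-0000-0000-000000000002';

function b64url_decode(string $s): string {
    $raw = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    if ($raw === false) throw new UnexpectedValueException('invalid base64url');
    return $raw;
}

function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Reads user claims from an id_token received directly from the token endpoint
// over TLS. The signature is not checked here; a token arriving by any other
// route must have its signature verified against the tenant's signing keys.
function user_from_id_token(string $idToken, int $now): array {
    $parts = explode('.', $idToken);
    if (count($parts) !== 3) throw new UnexpectedValueException('not a JWT');
    $c = json_decode(b64url_decode($parts[1]), true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($c)) throw new UnexpectedValueException('claims are not an object');
    // The question posts the code to the /common endpoint, so pin tenant and audience.
    if (($c['aud'] ?? null) !== EXPECTED_CLIENT) throw new UnexpectedValueException('wrong audience');
    if (($c['tid'] ?? null) !== EXPECTED_TENANT) throw new UnexpectedValueException('wrong tenant');
    if ((int)($c['exp'] ?? 0) <= $now) throw new UnexpectedValueException('token expired');
    return [
        'object_id' => $c['oid'] ?? null,                        // AD object ID
        'login'     => $c['upn'] ?? $c['unique_name'] ?? null,   // sign-in name
        'mfa'       => in_array('mfa', (array)($c['amr'] ?? []), true),
    ];
}

// Constructed sample token (not a real one); the signature segment is a dummy.
$claims = [
    'aud' => EXPECTED_CLIENT, 'tid' => EXPECTED_TENANT, 'exp' => time() + 3600,
    'oid' => '00000000-0000-0000-0000-0000000000aa',
    'upn' => 'alice@example.com', 'amr' => ['pwd', 'mfa'],
];
$sample = b64url_encode('{"typ":"JWT","alg":"RS256"}') . '.'
        . b64url_encode(json_encode($claims)) . '.c2ln';

print_r(user_from_id_token($sample, time()));
```

In the question's flow the input would be `$jsonoutput['id_token']` from the token response.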