<?php

// A class that provides an authorization token for apps that need to access the Azure Active Directory Graph Service.
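class AuthorizationHelperForAADGraphService
{
    /**
     * Requests an access token for the Graph service from the STS using the
     * client-credentials grant and builds the Authorization header from it.
     *
     * The application's secret travels in the POST body, so the TLS session to
     * the STS has to be authenticated: certificate and host name verification
     * are left enabled. With verification off, anyone able to intercept the
     * connection could read the secret and substitute the returned token.
     *
     * @return string|array The header line 'Authorization:<token_type> <access_token>'
     *                      on success, or array('fail', <error>) when the request
     *                      fails or the STS answers with an error.
     */
    public static function getAuthenticationHeader()
    {
        $appTenantDomainName = Settings::getAppTenantDomainName();
        $appPrincipalId = Settings::getAppPrincipalId();
        $password = Settings::getPassword();

        // Identifiers of the resource access is requested for, which here is Graph.
        $graphId = '00000002-0000-0000-c000-000000000000';
        $protectedResourceHostName = 'graph.windows.net';

        // Form-encode the STS request body; http_build_query() URL-encodes each value.
        $authenticationRequestBody = http_build_query(
            array(
                'grant_type' => 'client_credentials',
                // Cast keeps the field present even if the setting is null.
                'client_secret' => (string) $password,
                'resource' => $graphId . '/' . $protectedResourceHostName . '@' . $appTenantDomainName,
                'client_id' => $appPrincipalId . '@' . $appTenantDomainName,
            ),
            '',
            '&'
        );

        $stsUrl = 'https://accounts.accesscontrol.windows.net/tokens/OAuth/2';
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $stsUrl);
        // Return the response as a string instead of printing it.
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $authenticationRequestBody);

        // Verify the STS certificate chain and that it matches the host name.
        // If this fails because PHP has no CA bundle, point curl.cainfo (php.ini)
        // or CURLOPT_CAINFO at one rather than switching verification off.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

        $output = curl_exec($ch);
        // Read the transport error before the handle is closed.
        $transportError = ($output === false) ? curl_error($ch) : null;
        curl_close($ch);

        if ($output === false) {
            return array('fail', $transportError);
        }

        // The decoded response carries the access token; do not write it to logs.
        $tokenOutput = json_decode($output);
        if (!is_object($tokenOutput)) {
            return array('fail', 'invalid_token_response');
        }

        // empty() avoids an undefined-property warning on successful responses.
        if (!empty($tokenOutput->error)) {
            return array('fail', $tokenOutput->error);
        }

        if (empty($tokenOutput->token_type) || empty($tokenOutput->access_token)) {
            return array('fail', 'invalid_token_response');
        }

        return 'Authorization:' . $tokenOutput->token_type . ' ' . $tokenOutput->access_token;
    }
}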

?>