按租户和应用 ID 创建 Azure AD 用户
Create Azure AD user by tenant and app ID
如何使用 PHP 在 Azure AD 中通过客户端机密创建用户?
我需要在下面的代码中使用访问令牌来创建用户。要获得此令牌,我需要先登录。如何才能在无需任何登录的情况下自动创建用户?
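// Configure a Microsoft Graph "create user" request (POST /v1.0/users).
// $curl (a handle from curl_init()) and $accessToken are defined outside this snippet.
//
// NOTE(review): the password below is the literal from the original sample. Any account
// created with a literal that lives in source code starts life with a known credential;
// generate a per-user random initial password and deliver it out of band instead.
$newUser = json_encode(array(
    'accountEnabled' => true,
    'displayName' => 'Adele Vance',
    'userPrincipalName' => 'adelev2@xxx.net',
    'passwordProfile' => array(
        'forceChangePasswordNextSignIn' => true,
        'password' => 'xWwvJ]6NMw+bWH-d',
    ),
));

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    // The request carries a bearer token and an initial password, so it is never
    // replayed to a redirect target.
    CURLOPT_FOLLOWLOCATION => false,
    CURLOPT_MAXREDIRS => 0,
    // A timeout of 0 means "wait forever"; bound both phases of the request.
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $newUser,
    CURLOPT_HTTPHEADER => array(
        "Authorization: Bearer $accessToken",
        "Content-Type: application/json"
    ),
));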
您可以参考这个示例:它使用无需用户登录的守护程序(daemon),通过客户端凭据流(client credentials flow)获取访问令牌,再调用 MS Graph API 创建用户。您需要为该应用程序授予 User.ReadWrite.All 应用程序权限(application permission);应用程序权限须经租户管理员同意后才会生效。
特别感谢 Carl,他提供了有用的链接。我用下面两个函数完成了此操作:先调用 getToken 函数获取令牌,再在 addUser 中使用该令牌,无需任何事先登录即可创建用户。
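/**
 * Obtain an app-only Microsoft Graph access token with the OAuth 2.0
 * client-credentials grant.
 *
 * The tenant id, client id and client secret are read through env() from
 * OAUTH_DIR_ID, OAUTH_APP_ID and OAUTH_APP_PASSWORD.
 *
 * The token is returned to the caller rather than echoed: writing the raw
 * token response to the output would disclose a bearer token to whoever
 * receives the page.
 *
 * @return string The access token to place in an "Authorization: Bearer" header.
 * @throws RuntimeException If the request fails or the response carries no token.
 */
function getToken() {
    $dir = env('OAUTH_DIR_ID');
    $clientId = env('OAUTH_APP_ID');
    $secretKey = env('OAUTH_APP_PASSWORD');

    // http_build_query() percent-encodes every value. Interpolating the secret
    // directly would corrupt the body whenever it contains '+', '&', '=' or '%'.
    $body = http_build_query(array(
        'client_id' => $clientId,
        'scope' => 'https://graph.microsoft.com/.default',
        'client_secret' => $secretKey,
        'grant_type' => 'client_credentials',
    ), '', '&');

    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => 'https://login.microsoftonline.com/' . rawurlencode((string) $dir) . '/oauth2/v2.0/token',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => '',
        // The body carries the client secret, so it is never replayed to a redirect target.
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_MAXREDIRS => 0,
        // A timeout of 0 means "wait forever"; bound both phases of the request.
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $body,
        // The original also sent a header line with no name (a pasted cookie value);
        // it is not a valid header and is dropped.
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/x-www-form-urlencoded',
        ),
    ));
    $response = curl_exec($curl);
    $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    $transportError = curl_error($curl);
    curl_close($curl);

    if ($response === false) {
        throw new RuntimeException('Token request failed: ' . $transportError);
    }

    $decoded = json_decode($response, true);
    $token = is_array($decoded) && isset($decoded['access_token']) ? $decoded['access_token'] : null;
    if ($status !== 200 || !is_string($token) || $token === '') {
        // Report only the short OAuth error code; the full response stays out of messages.
        $reason = is_array($decoded) && isset($decoded['error']) && is_string($decoded['error'])
            ? $decoded['error']
            : 'unexpected response';
        throw new RuntimeException("Token endpoint returned HTTP $status ($reason)");
    }

    return $token;
}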
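/**
 * Create a user in Azure AD through Microsoft Graph (POST /v1.0/users).
 *
 * On success the raw Graph response is dumped and the script exits (debug
 * behaviour kept from the original). On any failure, including transport errors
 * and non-2xx responses, the browser is redirected to signin.php with a short,
 * URL-encoded error message.
 *
 * @param string $accessToken App-only bearer token for Microsoft Graph.
 */
function addUser($accessToken)
{
    try {
        // Reject an empty token early, and refuse CR/LF so the value cannot
        // add extra header lines to the request.
        if (!is_string($accessToken) || $accessToken === '' || preg_match('/[\r\n]/', $accessToken)) {
            throw new RuntimeException('Missing or malformed access token');
        }

        // NOTE(review): the password below is the literal from the original sample.
        // Every account created with it starts with a known credential; generate a
        // per-user random initial password and deliver it out of band instead.
        $payload = json_encode(array(
            'accountEnabled' => true,
            'displayName' => 'Adele Vance',
            'userPrincipalName' => 'adelev2@yoed.net',
            'passwordProfile' => array(
                'forceChangePasswordNextSignIn' => true,
                'password' => 'xWwvJ]6NMw+bWH-d',
            ),
        ));
        if ($payload === false) {
            throw new RuntimeException('Could not encode the user payload');
        }

        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users',
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => '',
            // The request carries a bearer token and an initial password, so it is
            // never replayed to a redirect target.
            CURLOPT_FOLLOWLOCATION => false,
            CURLOPT_MAXREDIRS => 0,
            // A timeout of 0 means "wait forever"; bound both phases of the request.
            CURLOPT_CONNECTTIMEOUT => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => $payload,
            CURLOPT_HTTPHEADER => array(
                "Authorization: Bearer $accessToken",
                "Content-Type: application/json"
            ),
        ));
        $response = curl_exec($curl);
        $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        $transportError = curl_error($curl);
        curl_close($curl);

        // curl reports failures through its return value, not by throwing, so the
        // error path has to be entered explicitly.
        if ($response === false) {
            throw new RuntimeException('Graph request failed: ' . $transportError);
        }
        if ($status < 200 || $status >= 300) {
            // The response body goes to the server log only, never into the redirect URL.
            error_log("Graph POST /users returned HTTP $status: $response");
            throw new RuntimeException("Graph returned HTTP $status");
        }

        var_dump($response); // Debug print
        exit();
    } catch (Throwable $ex) {
        $home = env('APP_URL');
        // Encode the message so it cannot add query parameters or break the URL.
        header("Location: $home/signin.php?err=" . rawurlencode($ex->getMessage()));
        die();
    }
}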
如何使用 PHP 在 Azure AD 中通过客户端机密创建用户?
我需要在下面的代码中使用访问令牌来创建用户。要获得此令牌,我需要先登录。如何才能在无需任何登录的情况下自动创建用户?
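// Configure a Microsoft Graph "create user" request (POST /v1.0/users).
// $curl (a handle from curl_init()) and $accessToken are defined outside this snippet.
//
// NOTE(review): the password below is the literal from the original sample. Any account
// created with a literal that lives in source code starts life with a known credential;
// generate a per-user random initial password and deliver it out of band instead.
$newUser = json_encode(array(
    'accountEnabled' => true,
    'displayName' => 'Adele Vance',
    'userPrincipalName' => 'adelev2@xxx.net',
    'passwordProfile' => array(
        'forceChangePasswordNextSignIn' => true,
        'password' => 'xWwvJ]6NMw+bWH-d',
    ),
));

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    // The request carries a bearer token and an initial password, so it is never
    // replayed to a redirect target.
    CURLOPT_FOLLOWLOCATION => false,
    CURLOPT_MAXREDIRS => 0,
    // A timeout of 0 means "wait forever"; bound both phases of the request.
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $newUser,
    CURLOPT_HTTPHEADER => array(
        "Authorization: Bearer $accessToken",
        "Content-Type: application/json"
    ),
));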
您可以参考这个示例:它使用无需用户登录的守护程序(daemon),通过客户端凭据流(client credentials flow)获取访问令牌,再调用 MS Graph API 创建用户。您需要为该应用程序授予 User.ReadWrite.All 应用程序权限(application permission);应用程序权限须经租户管理员同意后才会生效。
特别感谢 Carl,他提供了有用的链接。我用下面两个函数完成了此操作:先调用 getToken 函数获取令牌,再在 addUser 中使用该令牌,无需任何事先登录即可创建用户。
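/**
 * Obtain an app-only Microsoft Graph access token with the OAuth 2.0
 * client-credentials grant.
 *
 * The tenant id, client id and client secret are read through env() from
 * OAUTH_DIR_ID, OAUTH_APP_ID and OAUTH_APP_PASSWORD.
 *
 * The token is returned to the caller rather than echoed: writing the raw
 * token response to the output would disclose a bearer token to whoever
 * receives the page.
 *
 * @return string The access token to place in an "Authorization: Bearer" header.
 * @throws RuntimeException If the request fails or the response carries no token.
 */
function getToken() {
    $dir = env('OAUTH_DIR_ID');
    $clientId = env('OAUTH_APP_ID');
    $secretKey = env('OAUTH_APP_PASSWORD');

    // http_build_query() percent-encodes every value. Interpolating the secret
    // directly would corrupt the body whenever it contains '+', '&', '=' or '%'.
    $body = http_build_query(array(
        'client_id' => $clientId,
        'scope' => 'https://graph.microsoft.com/.default',
        'client_secret' => $secretKey,
        'grant_type' => 'client_credentials',
    ), '', '&');

    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => 'https://login.microsoftonline.com/' . rawurlencode((string) $dir) . '/oauth2/v2.0/token',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => '',
        // The body carries the client secret, so it is never replayed to a redirect target.
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_MAXREDIRS => 0,
        // A timeout of 0 means "wait forever"; bound both phases of the request.
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $body,
        // The original also sent a header line with no name (a pasted cookie value);
        // it is not a valid header and is dropped.
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/x-www-form-urlencoded',
        ),
    ));
    $response = curl_exec($curl);
    $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    $transportError = curl_error($curl);
    curl_close($curl);

    if ($response === false) {
        throw new RuntimeException('Token request failed: ' . $transportError);
    }

    $decoded = json_decode($response, true);
    $token = is_array($decoded) && isset($decoded['access_token']) ? $decoded['access_token'] : null;
    if ($status !== 200 || !is_string($token) || $token === '') {
        // Report only the short OAuth error code; the full response stays out of messages.
        $reason = is_array($decoded) && isset($decoded['error']) && is_string($decoded['error'])
            ? $decoded['error']
            : 'unexpected response';
        throw new RuntimeException("Token endpoint returned HTTP $status ($reason)");
    }

    return $token;
}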
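/**
 * Create a user in Azure AD through Microsoft Graph (POST /v1.0/users).
 *
 * On success the raw Graph response is dumped and the script exits (debug
 * behaviour kept from the original). On any failure, including transport errors
 * and non-2xx responses, the browser is redirected to signin.php with a short,
 * URL-encoded error message.
 *
 * @param string $accessToken App-only bearer token for Microsoft Graph.
 */
function addUser($accessToken)
{
    try {
        // Reject an empty token early, and refuse CR/LF so the value cannot
        // add extra header lines to the request.
        if (!is_string($accessToken) || $accessToken === '' || preg_match('/[\r\n]/', $accessToken)) {
            throw new RuntimeException('Missing or malformed access token');
        }

        // NOTE(review): the password below is the literal from the original sample.
        // Every account created with it starts with a known credential; generate a
        // per-user random initial password and deliver it out of band instead.
        $payload = json_encode(array(
            'accountEnabled' => true,
            'displayName' => 'Adele Vance',
            'userPrincipalName' => 'adelev2@yoed.net',
            'passwordProfile' => array(
                'forceChangePasswordNextSignIn' => true,
                'password' => 'xWwvJ]6NMw+bWH-d',
            ),
        ));
        if ($payload === false) {
            throw new RuntimeException('Could not encode the user payload');
        }

        $curl = curl_init();
        curl_setopt_array($curl, array(
            CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users',
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => '',
            // The request carries a bearer token and an initial password, so it is
            // never replayed to a redirect target.
            CURLOPT_FOLLOWLOCATION => false,
            CURLOPT_MAXREDIRS => 0,
            // A timeout of 0 means "wait forever"; bound both phases of the request.
            CURLOPT_CONNECTTIMEOUT => 10,
            CURLOPT_TIMEOUT => 30,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => $payload,
            CURLOPT_HTTPHEADER => array(
                "Authorization: Bearer $accessToken",
                "Content-Type: application/json"
            ),
        ));
        $response = curl_exec($curl);
        $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        $transportError = curl_error($curl);
        curl_close($curl);

        // curl reports failures through its return value, not by throwing, so the
        // error path has to be entered explicitly.
        if ($response === false) {
            throw new RuntimeException('Graph request failed: ' . $transportError);
        }
        if ($status < 200 || $status >= 300) {
            // The response body goes to the server log only, never into the redirect URL.
            error_log("Graph POST /users returned HTTP $status: $response");
            throw new RuntimeException("Graph returned HTTP $status");
        }

        var_dump($response); // Debug print
        exit();
    } catch (Throwable $ex) {
        $home = env('APP_URL');
        // Encode the message so it cannot add query parameters or break the URL.
        header("Location: $home/signin.php?err=" . rawurlencode($ex->getMessage()));
        die();
    }
}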