/**
 * Build the client assertion (JWT) used in the client-credentials token request.
 *
 * The header names the signing algorithm and the certificate thumbprint (`x5t`);
 * the payload is addressed to the token endpoint (`aud`) and bounded to a
 * ten-minute window (`nbf`..`exp`). Encoding of the two parts is done by
 * getBlob(), the signature over that blob by getSignature().
 *
 * @param string $getTokenUrl token endpoint the assertion is addressed to (`aud`)
 * @return string `header.payload.signature` as produced by getBlob()/getSignature()
 */
public function get($getTokenUrl)
{
    // NOTE(review): $this->alg is not constrained here; confirm it is fixed to the
    // asymmetric algorithm getSignature() actually uses and can never be 'none'.
    $header = [
        'alg' => $this->alg,
        'x5t' => Office365::getThumbprint(),
    ];

    $issuedAt = $this->now();
    $clientId = Office365::getClientId();

    // sub and iss are both the client id: the client asserts its own identity
    $payload = [
        'sub' => $clientId,
        'iss' => $clientId,
        'jti' => self::nonce(),
        'exp' => $this->tenMinutesFromNow($issuedAt),
        'nbf' => $issuedAt,
        'aud' => $getTokenUrl,
    ];

    $blob = $this->getBlob($header, $payload);

    return $blob . '.' . $this->getSignature($blob);
}
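/**
 * Request an access token with the client-credentials grant.
 *
 * The tenant is taken from the `tid` claim of the parsed token and used to
 * build the tenant-specific token endpoint; a signed client assertion is then
 * posted to that endpoint.
 *
 * @return object|null decoded JSON response from the token endpoint (stdClass),
 *                     or null when no tenant id is available or the response
 *                     body is not valid JSON
 */
public function retrieve()
{
    // A token without a tid claim must not trigger an undefined-index warning;
    // treat it the same as an empty tenant id.
    $parsedToken = $this->parse();
    $tenantId = isset($parsedToken['tid']) ? $parsedToken['tid'] : null;
    if (!$tenantId) {
        return null;
    }

    // NOTE(review): $tenantId is interpolated into the endpoint path. Confirm that
    // parse() has verified the token's signature and issuer before this point, and
    // consider checking the value against the expected tenant-id (GUID) form so an
    // unexpected claim cannot redirect the request to a different path.
    $this->tokenUrl = $this->authorizationBaseUrl . '/' . $tenantId . '/oauth2/token';

    $assertion = new Assertion();
    $clientAssertion = $assertion->get($this->tokenUrl);

    $postData = [
        'resource' => $this->resource,
        'client_id' => Office365::getClientId(),
        'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
        'client_assertion' => $clientAssertion,
        'grant_type' => 'client_credentials',
        'redirect_uri' => $this->redirectUri,
    ];

    $request = new HttpPost($this->tokenUrl);
    $request->setPostData($postData);
    $request->send();

    // json_decode() without assoc=true yields a stdClass, or null on malformed JSON
    return json_decode($request->getHttpResponse());
}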
/**
 * Build the authorization URL that starts the admin-consent sign-on.
 *
 * @return string authorization endpoint with the OpenID Connect query string appended
 */
public static function authorizeUrl()
{
    // NOTE(review): the nonce generated here is not stored by this method, so the
    // id_token returned via form_post can only be checked against it if nonce()
    // persists it (e.g. in the session). No `state` parameter is sent either;
    // confirm the callback has its own request-forgery protection.
    $query = http_build_query([
        'client_id' => Office365::getClientId(),
        'redirect_uri' => Office365::getAuthorizationRedirectUrl(),
        'response_type' => 'code id_token',
        'scope' => 'openid',
        'nonce' => self::nonce(),
        'prompt' => 'admin_consent',
        'response_mode' => 'form_post',
        'resource' => Office365::$resourceBaseUrl,
    ]);

    return Office365::$authorizationBaseUrl . '?' . $query;
}