/**
  *  Builds the email message and uses RequestManager to send a POST request 
  *  to the sendmail endpoint in the unified API.
  *
  *  @param string $recipient The recipient of the email.
  *
  *  @function sendWelcomeMail
  *  @return   Nothing, passes RuntimeException from RequestManager on error
  */
 public static function sendWelcomeMail($recipient)
 {
     $emailBody = file_get_contents('MailTemplate.html');
     // Use the given name if it exists, otherwise, use the alias
     $greetingName = isset($_SESSION['given_name']) ? $_SESSION['given_name'] : explode('@', $_SESSION['unique_name'])[0];
     $emailBody = str_replace('{given_name}', $greetingName, $emailBody);
     // Build the HTTP request payload (the Message object).
     $email = "{\n            Message: {\n            Subject: 'Welcome to Office 365 development with PHP',\n            Body: {\n                ContentType: 'HTML',\n                Content: '{$emailBody}'\n            },\n            ToRecipients: [\n                {\n                    EmailAddress: {\n                    Address: '{$recipient}'\n                    }\n                }\n            ]\n            },\n            SaveToSentItems: true\n            }";
     // Send the email request to the sendmail endpoint,
     // which is in the following URI:
     // https://graph.microsoft.com/beta/me/sendMail
     // Note that the access token is attached in the Authorization header
     RequestManager::sendPostRequest(Constants::RESOURCE_ID . Constants::SENDMAIL_ENDPOINT, array('Authorization: Bearer ' . $_SESSION['access_token'], 'Content-Type: application/json;' . 'odata.metadata=minimal;' . 'odata.streaming=true'), $email);
 }
 /**
  *  Contacts the token endpoint to get OAuth tokens including an access token
  *  that can be used to send an authenticated request to the 
  *  Microsoft Graph.
  *  It also stores user information, like given name, in session variables. 
  *
  *  @function acquireToken
  *  @return   Nothing, stores tokens in session variables.
  */
 public static function acquireToken()
 {
     $tokenEndpoint = Constants::AUTHORITY_URL . Constants::TOKEN_ENDPOINT;
     // Send a POST request to the token endpoint to retrieve tokens.
     // Token endpoint is:
     // https://login.microsoftonline.com/common/oauth2/token
     $response = RequestManager::sendPostRequest($tokenEndpoint, array(), array('client_id' => Constants::CLIENT_ID, 'client_secret' => Constants::CLIENT_SECRET, 'code' => $_SESSION['code'], 'grant_type' => 'authorization_code', 'redirect_uri' => Constants::REDIRECT_URI, 'resource' => Constants::RESOURCE_ID));
     // Store the raw response in JSON format.
     $jsonResponse = json_decode($response, true);
     // The access token response has the following parameters:
     // access_token - The requested access token.
     // expires_in - How long the access token is valid.
     // expires_on - The time when the access token expires.
     // id_token - An unsigned JSON Web Token (JWT).
     // refresh_token - An OAuth 2.0 refresh token.
     // resource - The App ID URI of the web API (secured resource).
     // scope - Impersonation permissions granted to the client application.
     // token_type - Indicates the token type value.
     foreach ($jsonResponse as $key => $value) {
         $_SESSION[$key] = $value;
     }
     // The id token is a JWT token that contains information about the user
     // It's a base64 coded string that has a header and payload
     $decodedAccessTokenPayload = base64_decode(explode('.', $_SESSION['id_token'])[1]);
     $jsonAccessTokenPayload = json_decode($decodedAccessTokenPayload, true);
     // The id token payload has the following parameters:
     // aud - Audience of the token.
     // exp - Expiration time.
     // family_name - User’s last name or surname.
     // given_name - User’s first name.
     // iat - Issued at time.
     // iss - Identifies the token issuer.
     // nbf - Not before time. The time when the token becomes effective.
     // oid - Object identifier (ID) of the user object
     //       in Azure Active Directory (AD).
     // sub - Token subject identifier.
     // tid - Tenant identifier of the Azure AD tenant that issued the token.
     // unique_name - A unique identifier that can be displayed to the user.
     // upn - User principal name.
     // ver - Version.
     foreach ($jsonAccessTokenPayload as $key => $value) {
         $_SESSION[$key] = $value;
     }
 }