/**
* Builds the email message and uses RequestManager to send a POST request
* to the sendmail endpoint in the unified API.
*
* @param string $recipient The recipient of the email.
*
* @function sendWelcomeMail
* @return Nothing, passes RuntimeException from RequestManager on error
*/
public static function sendWelcomeMail($recipient)
{
$emailBody = file_get_contents('MailTemplate.html');
// Use the given name if it exists, otherwise, use the alias
$greetingName = isset($_SESSION['given_name']) ? $_SESSION['given_name'] : explode('@', $_SESSION['unique_name'])[0];
$emailBody = str_replace('{given_name}', $greetingName, $emailBody);
// Build the HTTP request payload (the Message object).
$email = "{\n Message: {\n Subject: 'Welcome to Office 365 development with PHP',\n Body: {\n ContentType: 'HTML',\n Content: '{$emailBody}'\n },\n ToRecipients: [\n {\n EmailAddress: {\n Address: '{$recipient}'\n }\n }\n ]\n },\n SaveToSentItems: true\n }";
// Send the email request to the sendmail endpoint,
// which is in the following URI:
// https://graph.microsoft.com/beta/me/sendMail
// Note that the access token is attached in the Authorization header
RequestManager::sendPostRequest(Constants::RESOURCE_ID . Constants::SENDMAIL_ENDPOINT, array('Authorization: Bearer ' . $_SESSION['access_token'], 'Content-Type: application/json;' . 'odata.metadata=minimal;' . 'odata.streaming=true'), $email);
}
/**
* Contacts the token endpoint to get OAuth tokens including an access token
* that can be used to send an authenticated request to the
* Microsoft Graph.
* It also stores user information, like given name, in session variables.
*
* @function acquireToken
* @return Nothing, stores tokens in session variables.
*/
public static function acquireToken()
{
$tokenEndpoint = Constants::AUTHORITY_URL . Constants::TOKEN_ENDPOINT;
// Send a POST request to the token endpoint to retrieve tokens.
// Token endpoint is:
// https://login.microsoftonline.com/common/oauth2/token
$response = RequestManager::sendPostRequest($tokenEndpoint, array(), array('client_id' => Constants::CLIENT_ID, 'client_secret' => Constants::CLIENT_SECRET, 'code' => $_SESSION['code'], 'grant_type' => 'authorization_code', 'redirect_uri' => Constants::REDIRECT_URI, 'resource' => Constants::RESOURCE_ID));
// Store the raw response in JSON format.
$jsonResponse = json_decode($response, true);
// The access token response has the following parameters:
// access_token - The requested access token.
// expires_in - How long the access token is valid.
// expires_on - The time when the access token expires.
// id_token - An unsigned JSON Web Token (JWT).
// refresh_token - An OAuth 2.0 refresh token.
// resource - The App ID URI of the web API (secured resource).
// scope - Impersonation permissions granted to the client application.
// token_type - Indicates the token type value.
foreach ($jsonResponse as $key => $value) {
$_SESSION[$key] = $value;
}
// The id token is a JWT token that contains information about the user
// It's a base64 coded string that has a header and payload
$decodedAccessTokenPayload = base64_decode(explode('.', $_SESSION['id_token'])[1]);
$jsonAccessTokenPayload = json_decode($decodedAccessTokenPayload, true);
// The id token payload has the following parameters:
// aud - Audience of the token.
// exp - Expiration time.
// family_name - User’s last name or surname.
// given_name - User’s first name.
// iat - Issued at time.
// iss - Identifies the token issuer.
// nbf - Not before time. The time when the token becomes effective.
// oid - Object identifier (ID) of the user object
// in Azure Active Directory (AD).
// sub - Token subject identifier.
// tid - Tenant identifier of the Azure AD tenant that issued the token.
// unique_name - A unique identifier that can be displayed to the user.
// upn - User principal name.
// ver - Version.
foreach ($jsonAccessTokenPayload as $key => $value) {
$_SESSION[$key] = $value;
}
}
