Tools, FAQ, Tutorials:
Initiate Azure AD v2 Access Token Request
How to initiate Azure AD v2.0 Access Token Request?
✍: FYIcenter.com
The Azure AD v2.0 Access Token Request should
be initiated from your application Web server.
This is why the authentication code flow is more secure
than the implicit flow, because the "id_token" value will
be received by Web server directly from the Azure AS service.
If you initiate the Access Token Request from end user's Web browser, your "id_token" value and application secret key value are exposed to the end user.
Here is a PHP code sample in the openID_receiver.php on the Web server to initiate Azure AD v2.0 Access Token Request after received the authentication code from the sign-on authentication request call:
... if (isset($_REQUEST["code"])) { $code = $_REQUEST["code"]; $body = array( 'client_id' => $client_id, 'code' => $code, 'grant_type' => 'authorization_code', 'redirect_uri' => 'http://dev.fyicenter.com/openID_receiver.php', 'client_secret' => $client_secret ); $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_POSTFIELDS, $body); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0); $res = curl_exec($curl); if($res === false){ echo 'Curl error: ' . curl_error($curl); } else { $res = json_decode($res, true); # Access Token response is parsed into an array now ... } } ...
Note that you can only initiate the access token request with the POST method. Using the GET method may leave your secret key in the Azure server log files and become a security risk.
Â
⇒ Process Azure AD v2 Access Token Request
⇠Azure AD v2 Access Token Request
⇑⇑ OpenID Tutorials
2019-03-27, 936👍, 0💬
Popular Posts:
Can Multiple Paragraphs Be Included in a List Item? Yes. You can include multiple paragraphs in a si...
How to create a new API on the Publisher Dashboard of an Azure API Management Service? If you are ne...
Can You Add Values to an Array without Keys in PHP? Can You Add Values to an Array with a Key? The a...
How To Submit Values without Using a Form in PHP? If you know the values you want to submit, you can...
Can Two Forms Be Nested? Can two forms be nested? The answer is no and yes: No. You can not nest two...