Reputation: 3270
Create Azure AD user by tenant and app ID
How I can create a user by Client secrets in Azure AD with PHP?
I need access token in below code to create a user. To have this token I need to login first. How I can create a user automatically without any login.
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS =>'{
"accountEnabled": true,
"displayName": "Adele Vance",
"userPrincipalName": "[email protected]",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
}
}',
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer $accessToken",
"Content-Type: application/json"
),
));
Upvotes: 0
Views: 392
Answers (2)
Reputation: 3270
With special thanks to Carl which provide useful links I did it by using two below functions:
I receive a token by calling getToken function and use it in getToken to create a user without any previous login.
function getToken() {
$curl = curl_init();
$dir = env('OAUTH_DIR_ID');
$clientId = env('OAUTH_APP_ID');
$secretKey = env('OAUTH_APP_PASSWORD');
curl_setopt_array($curl, array(
CURLOPT_URL => "https://login.microsoftonline.com/$dir/oauth2/v2.0/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => "client_id=$clientId&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=$secretKey&grant_type=client_credentials",
CURLOPT_HTTPHEADER => array(
'Content-Type: application/x-www-form-urlencoded',
'x-ms-gateway-slice=estsfd; stsservicecookie=estsfd'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
}
function addUser($accessToken)
{
try {
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS =>'{
"accountEnabled": true,
"displayName": "Adele Vance",
"userPrincipalName": "[email protected]",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
}
}',
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer $accessToken",
"Content-Type: application/json"
),
));
$response = curl_exec($curl);
curl_close($curl);
var_dump($response); // Debug print
exit();
} catch (Error $ex) {
$home = env('APP_URL');
header("Location: $home/signin.php?err=" . $ex->getMessage());
die();
}
}
Upvotes: 0
Reputation: 9549
You can refer to this sample, which uses a daemon that does not require user login, and uses the client credential flow to obtain an access token to call MS graph api to create a user. You need to grant User.ReadWrite.All application permissions for the application.
Upvotes: 1
Related Questions
- Add user in Azure AD using Microsoft Graph API
- Programmatically assign users to Azure AD Application using Graph API
- How to add Azure AD Application using application identifier
- Using Azure AD Graph API to create a User in Azure AD B2C
- How to create a user using azure graph api
- Create user using Azure AD Graph API in Azure AD B2C
- Azure AD Graph - AppRole Creation using Application Credential Flow
- How to get Azure AD access token for already logged in user?
- How to use Azure AD Graph API to create a new AppRoleAssignment
- Create a new Azure AD user with the same ID as the on-premise user