Documentation

Azure extends AbstractProvider
in package
uses BearerAuthorizationTrait

Represents a service provider (authorization server).

Table of Contents

Constants

ACCESS_TOKEN_RESOURCE_OWNER_ID  = null
ENDPOINT_VERSION_1_0  = '1.0'
ENDPOINT_VERSION_2_0  = '2.0'
ENDPOINT_VERSIONS  = [self::ENDPOINT_VERSION_1_0, self::ENDPOINT_VERSION_2_0]
METHOD_GET  = 'GET'
METHOD_POST  = 'POST'
PKCE_METHOD_PLAIN  = 'plain'
PKCE_METHOD_S256  = 'S256'

Properties

$API_VERSION  : mixed
$authWithResource  : mixed
$defaultAlgorithm  : mixed
$defaultEndPointVersion  : mixed
$resource  : mixed
$scope  : mixed
$scopeSeparator  : mixed
$tenant  : mixed
$urlAPI  : mixed
$urlLogin  : mixed
$clientCertificatePrivateKey  : string
The contents of the private key used for app authentication
$clientCertificateThumbprint  : string
The hexadecimal certificate thumbprint as displayed in the azure portal
$clientId  : string
$clientSecret  : string
$grantFactory  : GrantFactory
$guarded  : array<string|int, mixed>
The properties that aren't mass assignable.
$httpClient  : ClientInterface
$openIdConfiguration  : array<string|int, mixed>|null
$optionProvider  : OptionProviderInterface
$pkceCode  : string|null
$redirectUri  : string
$requestFactory  : RequestFactory
$state  : string

Methods

__construct()  : mixed
Constructs an OAuth 2.0 service provider.
authorize()  : mixed
Redirects the client for authorization.
delete()  : mixed
get()  : mixed
getAccessToken()  : AccessTokenInterface
Requests an access token using a specified grant and option set.
getAuthenticatedRequest()  : RequestInterface
Returns an authenticated PSR-7 request instance.
getAuthorizationUrl()  : string
Builds the authorization URL.
getBaseAccessTokenUrl()  : string
Returns the base URL for requesting an access token.
getBaseAuthorizationUrl()  : string
Returns the base URL for authorizing a client.
getClientId()  : mixed
getGrantFactory()  : GrantFactory
Returns the current grant factory instance.
getGuarded()  : array<string|int, mixed>
Returns current guarded properties.
getHeaders()  : array<string|int, mixed>
Returns all headers used by this provider for a request.
getHttpClient()  : ClientInterface
Returns the HTTP client instance.
getJwtVerificationKeys()  : array<string|int, mixed>
Get JWT verification keys from Azure Active Directory.
getLogoutUrl()  : string
Obtain URL for logging out the user.
getObjects()  : mixed
getOptionProvider()  : OptionProviderInterface
Returns the option provider instance.
getParsedResponse()  : mixed
Sends a request and returns the parsed response.
getPkceCode()  : string|null
Returns the current value of the pkceCode parameter.
getRequest()  : RequestInterface
Returns a PSR-7 request instance that is not authenticated.
getRequestFactory()  : RequestFactory
Returns the request factory instance.
getResourceOwner()  : ResourceOwnerInterface
Requests and returns the resource owner of given access token.
getResourceOwnerDetailsUrl()  : string
Returns the URL for requesting the resource owner's details.
getResponse()  : ResponseInterface
Sends a request instance and returns a response instance.
getRootMicrosoftGraphUri()  : string
getState()  : string
Returns the current value of the state parameter.
getTenantDetails()  : array<string|int, mixed>
Get the specified tenant's details.
isGuarded()  : bool
Determines if the given property is guarded.
patch()  : mixed
post()  : mixed
put()  : mixed
request()  : mixed
setGrantFactory()  : self
Sets the grant factory instance.
setHttpClient()  : self
Sets the HTTP client instance.
setOptionProvider()  : self
Sets the option provider instance.
setPkceCode()  : self
Set the value of the pkceCode parameter.
setRequestFactory()  : self
Sets the request factory instance.
validateAccessToken()  : array<string|int, mixed>
Validate the access token you received in your application.
validateTokenClaims()  : void
Validate the access token claims from an access token you received in your application.
appendQuery()  : string
Appends a query string to a URL.
buildQueryString()  : string
Build a query string from an array.
checkResponse()  : void
Checks a provider response for errors.
createAccessToken()  : AccessTokenInterface
Creates an access token from a response.
createRequest()  : RequestInterface
Creates a PSR-7 request instance.
createResourceOwner()  : ResourceOwnerInterface
Generates a resource owner object from a successful resource owner details request.
fetchResourceOwnerDetails()  : mixed
Requests resource owner details.
fillProperties()  : mixed
Attempts to mass assign the given options to explicitly defined properties, skipping over any properties that are defined in the guarded array.
getAccessTokenMethod()  : string
Returns the method to use when requesting an access token.
getAccessTokenQuery()  : string
Builds the access token URL's query string.
getAccessTokenRequest()  : RequestInterface
Returns a prepared request for requesting an access token.
getAccessTokenResourceOwnerId()  : string|null
Returns the key used in the access token response to identify the resource owner.
getAccessTokenUrl()  : string
Returns the full URL to use when requesting an access token.
getAllowedClientOptions()  : array<string|int, mixed>
Returns the list of options that can be passed to the HttpClient
getAuthorizationHeaders()  : array<string|int, mixed>
Returns authorization headers for the 'bearer' grant.
getAuthorizationParameters()  : array<string|int, mixed>
Returns authorization parameters based on provided options.
getAuthorizationQuery()  : string
Builds the authorization URL's query string.
getContentType()  : string
Returns the content type header of a response.
getDefaultHeaders()  : array<string|int, mixed>
Returns the default headers used by this provider.
getDefaultScopes()  : array<string|int, mixed>
Returns the default scopes used by this provider.
getOpenIdConfiguration()  : mixed
getPkceMethod()  : string|null
getRandomPkceCode()  : string
Returns a new random string to use as PKCE code_verifier and hashed as code_challenge parameters in an authorization flow.
getRandomState()  : string
Returns a new random string to use as the state parameter in an authorization flow.
getScopeSeparator()  : string
Returns the string that should be used to separate scopes when building the URL for requesting an access token.
getVersionUriInfix()  : mixed
parseJson()  : array<string|int, mixed>
Attempts to parse a JSON response.
parseResponse()  : array<string|int, mixed>
Parses the response according to its content-type header.
prepareAccessTokenResponse()  : array<string|int, mixed>
Prepares an parsed access token response for a grant.
verifyGrant()  : AbstractGrant
Checks that a provided grant is valid, or attempts to produce one if the provided grant is a string.
getValueByKey()  : mixed
Returns a value by key using dot notation.
wrapResponse()  : mixed

Constants

ACCESS_TOKEN_RESOURCE_OWNER_ID

public string|null ACCESS_TOKEN_RESOURCE_OWNER_ID = null

Key used in a token response to identify the resource owner.

ENDPOINT_VERSION_1_0

public mixed ENDPOINT_VERSION_1_0 = '1.0'

ENDPOINT_VERSION_2_0

public mixed ENDPOINT_VERSION_2_0 = '2.0'

ENDPOINT_VERSIONS

public mixed ENDPOINT_VERSIONS = [self::ENDPOINT_VERSION_1_0, self::ENDPOINT_VERSION_2_0]

METHOD_GET

public string METHOD_GET = 'GET'

HTTP method used to fetch access tokens.

METHOD_POST

public string METHOD_POST = 'POST'

HTTP method used to fetch access tokens.

PKCE_METHOD_PLAIN

public string PKCE_METHOD_PLAIN = 'plain'

PKCE method used to fetch authorization token. The PKCE code challenge will be sent as plain text, this is NOT recommended. Only use plain if no other option is possible.

PKCE_METHOD_S256

public string PKCE_METHOD_S256 = 'S256'

PKCE method used to fetch authorization token. The PKCE code challenge will be hashed with sha256 (recommended).

Properties

$API_VERSION

public mixed $API_VERSION = '1.6'

$authWithResource

public mixed $authWithResource = true

$defaultAlgorithm

public mixed $defaultAlgorithm = null

$defaultEndPointVersion

public mixed $defaultEndPointVersion = self::ENDPOINT_VERSION_1_0

$resource

public mixed $resource = ''

$scope

public mixed $scope = []

$scopeSeparator

public mixed $scopeSeparator = ' '

$tenant

public mixed $tenant = 'common'

$urlAPI

public mixed $urlAPI = 'https://graph.windows.net/'

$urlLogin

public mixed $urlLogin = 'https://login.microsoftonline.com/'

$clientCertificatePrivateKey

The contents of the private key used for app authentication

protected string $clientCertificatePrivateKey = ''

$clientCertificateThumbprint

The hexadecimal certificate thumbprint as displayed in the azure portal

protected string $clientCertificateThumbprint = ''

$guarded

The properties that aren't mass assignable.

protected array<string|int, mixed> $guarded = []

$openIdConfiguration

protected array<string|int, mixed>|null $openIdConfiguration

Methods

__construct()

Constructs an OAuth 2.0 service provider.

public __construct([array<string|int, mixed> $options = [] ][, array<string|int, mixed> $collaborators = [] ]) : mixed
Parameters
$options : array<string|int, mixed> = []

An array of options to set on this provider. Options include clientId, clientSecret, redirectUri, and state. Individual providers may introduce more options, as needed.

$collaborators : array<string|int, mixed> = []

An array of collaborators that may be used to override this provider's default behavior. Collaborators include grantFactory, requestFactory, and httpClient. Individual providers may introduce more collaborators, as needed.

authorize()

Redirects the client for authorization.

public authorize([array<string|int, mixed> $options = [] ][, callable|null $redirectHandler = null ]) : mixed
Parameters
$options : array<string|int, mixed> = []
$redirectHandler : callable|null = null
Tags
throws
InvalidArgumentException

delete()

public delete(mixed $ref, mixed &$accessToken[, mixed $headers = [] ]) : mixed
Parameters
$ref : mixed
$accessToken : mixed
$headers : mixed = []

get()

public get(mixed $ref, mixed &$accessToken[, mixed $headers = [] ][, mixed $doNotWrap = false ]) : mixed
Parameters
$ref : mixed
$accessToken : mixed
$headers : mixed = []
$doNotWrap : mixed = false

getAccessToken()

Requests an access token using a specified grant and option set.

public getAccessToken(mixed $grant[, array<string|int, mixed> $options = [] ]) : AccessTokenInterface
Parameters
$grant : mixed
$options : array<string|int, mixed> = []
Tags
inheritdoc
Return values
AccessTokenInterface

getAuthenticatedRequest()

Returns an authenticated PSR-7 request instance.

public getAuthenticatedRequest(string $method, string $url, AccessTokenInterface|string|null $token[, array<string|int, mixed> $options = [] ]) : RequestInterface
Parameters
$method : string
$url : string
$token : AccessTokenInterface|string|null
$options : array<string|int, mixed> = []

Any of "headers", "body", and "protocolVersion".

Return values
RequestInterface

getAuthorizationUrl()

Builds the authorization URL.

public getAuthorizationUrl([array<string|int, mixed> $options = [] ]) : string
Parameters
$options : array<string|int, mixed> = []
Tags
throws
InvalidArgumentException
Return values
string

Authorization URL

getBaseAccessTokenUrl()

Returns the base URL for requesting an access token.

public getBaseAccessTokenUrl(array<string|int, mixed> $params) : string
Parameters
$params : array<string|int, mixed>
Tags
inheritdoc
Return values
string

getBaseAuthorizationUrl()

Returns the base URL for authorizing a client.

public getBaseAuthorizationUrl() : string
Tags
inheritdoc
Return values
string

getClientId()

public getClientId() : mixed

getGuarded()

Returns current guarded properties.

public getGuarded() : array<string|int, mixed>
Return values
array<string|int, mixed>

getHeaders()

Returns all headers used by this provider for a request.

public getHeaders([mixed|null $token = null ]) : array<string|int, mixed>

The request will be authenticated if an access token is provided.

Parameters
$token : mixed|null = null

object or string

Return values
array<string|int, mixed>

getJwtVerificationKeys()

Get JWT verification keys from Azure Active Directory.

public getJwtVerificationKeys() : array<string|int, mixed>
Return values
array<string|int, mixed>

getLogoutUrl()

Obtain URL for logging out the user.

public getLogoutUrl([mixed $post_logout_redirect_uri = "" ]) : string
Parameters
$post_logout_redirect_uri : mixed = ""

string The URL which the user should be redirected to after logout

Return values
string

getObjects()

public getObjects(mixed $tenant, mixed $ref, mixed &$accessToken[, mixed $headers = [] ]) : mixed
Parameters
$tenant : mixed
$ref : mixed
$accessToken : mixed
$headers : mixed = []

getPkceCode()

Returns the current value of the pkceCode parameter.

public getPkceCode() : string|null

This can be accessed by the redirect handler during authorization.

Return values
string|null

getRequest()

Returns a PSR-7 request instance that is not authenticated.

public getRequest(string $method, string $url[, array<string|int, mixed> $options = [] ]) : RequestInterface
Parameters
$method : string
$url : string
$options : array<string|int, mixed> = []
Return values
RequestInterface

getResourceOwnerDetailsUrl()

Returns the URL for requesting the resource owner's details.

public getResourceOwnerDetailsUrl(AccessToken $token) : string
Parameters
$token : AccessToken
Tags
inheritdoc
Return values
string

getRootMicrosoftGraphUri()

public getRootMicrosoftGraphUri(mixed $accessToken) : string
Parameters
$accessToken : mixed

AccessToken|null

Return values
string

getState()

Returns the current value of the state parameter.

public getState() : string

This can be accessed by the redirect handler during authorization.

Return values
string

getTenantDetails()

Get the specified tenant's details.

public getTenantDetails(string $tenant, string|null $version) : array<string|int, mixed>
Parameters
$tenant : string
$version : string|null
Tags
throws
IdentityProviderException
Return values
array<string|int, mixed>

isGuarded()

Determines if the given property is guarded.

public isGuarded(string $property) : bool
Parameters
$property : string
Return values
bool

patch()

public patch(mixed $ref, mixed $body, mixed &$accessToken[, mixed $headers = [] ]) : mixed
Parameters
$ref : mixed
$body : mixed
$accessToken : mixed
$headers : mixed = []

post()

public post(mixed $ref, mixed $body, mixed &$accessToken[, mixed $headers = [] ]) : mixed
Parameters
$ref : mixed
$body : mixed
$accessToken : mixed
$headers : mixed = []

put()

public put(mixed $ref, mixed $body, mixed &$accessToken[, mixed $headers = [] ]) : mixed
Parameters
$ref : mixed
$body : mixed
$accessToken : mixed
$headers : mixed = []

request()

public request(mixed $method, mixed $ref, mixed &$accessToken[, mixed $options = [] ]) : mixed
Parameters
$method : mixed
$ref : mixed
$accessToken : mixed
$options : mixed = []

setPkceCode()

Set the value of the pkceCode parameter.

public setPkceCode(string $pkceCode) : self

When using PKCE this should be set before requesting an access token.

Parameters
$pkceCode : string
Return values
self

validateAccessToken()

Validate the access token you received in your application.

public validateAccessToken(mixed $accessToken) : array<string|int, mixed>
Parameters
$accessToken : mixed

string The access token you received in the authorization header.

Return values
array<string|int, mixed>

validateTokenClaims()

Validate the access token claims from an access token you received in your application.

public validateTokenClaims(mixed $tokenClaims) : void
Parameters
$tokenClaims : mixed

array The token claims from an access token you received in the authorization header.

appendQuery()

Appends a query string to a URL.

protected appendQuery(string $url, string $query) : string
Parameters
$url : string

The URL to append the query to

$query : string

The HTTP query string

Return values
string

The resulting URL

buildQueryString()

Build a query string from an array.

protected buildQueryString(array<string|int, mixed> $params) : string
Parameters
$params : array<string|int, mixed>
Return values
string

checkResponse()

Checks a provider response for errors.

protected checkResponse(ResponseInterface $response, mixed $data) : void
Parameters
$response : ResponseInterface
$data : mixed

Parsed response data

Tags
inheritdoc

fillProperties()

Attempts to mass assign the given options to explicitly defined properties, skipping over any properties that are defined in the guarded array.

protected fillProperties([array<string|int, mixed> $options = [] ]) : mixed
Parameters
$options : array<string|int, mixed> = []

getAccessTokenMethod()

Returns the method to use when requesting an access token.

protected getAccessTokenMethod() : string
Return values
string

HTTP method

getAccessTokenQuery()

Builds the access token URL's query string.

protected getAccessTokenQuery(array<string|int, mixed> $params) : string
Parameters
$params : array<string|int, mixed>

Query parameters

Return values
string

Query string

getAccessTokenRequest()

Returns a prepared request for requesting an access token.

protected getAccessTokenRequest(array<string|int, mixed> $params) : RequestInterface
Parameters
$params : array<string|int, mixed>

Query string parameters

Return values
RequestInterface

getAccessTokenResourceOwnerId()

Returns the key used in the access token response to identify the resource owner.

protected getAccessTokenResourceOwnerId() : string|null
Return values
string|null

Resource owner identifier key

getAccessTokenUrl()

Returns the full URL to use when requesting an access token.

protected getAccessTokenUrl(array<string|int, mixed> $params) : string
Parameters
$params : array<string|int, mixed>

Query parameters

Return values
string

getAllowedClientOptions()

Returns the list of options that can be passed to the HttpClient

protected getAllowedClientOptions(array<string|int, mixed> $options) : array<string|int, mixed>
Parameters
$options : array<string|int, mixed>

An array of options to set on this provider. Options include clientId, clientSecret, redirectUri, and state. Individual providers may introduce more options, as needed.

Return values
array<string|int, mixed>

The options to pass to the HttpClient constructor

getAuthorizationHeaders()

Returns authorization headers for the 'bearer' grant.

protected getAuthorizationHeaders([AccessTokenInterface|string|null $token = null ]) : array<string|int, mixed>
Parameters
$token : AccessTokenInterface|string|null = null

Either a string or an access token instance

Return values
array<string|int, mixed>

getAuthorizationParameters()

Returns authorization parameters based on provided options.

protected getAuthorizationParameters(array<string|int, mixed> $options) : array<string|int, mixed>
Parameters
$options : array<string|int, mixed>
Tags
throws
InvalidArgumentException
Return values
array<string|int, mixed>

Authorization parameters

getAuthorizationQuery()

Builds the authorization URL's query string.

protected getAuthorizationQuery(array<string|int, mixed> $params) : string
Parameters
$params : array<string|int, mixed>

Query parameters

Return values
string

Query string

getContentType()

Returns the content type header of a response.

protected getContentType(ResponseInterface $response) : string
Parameters
$response : ResponseInterface
Return values
string

Semi-colon separated join of content-type headers.

getDefaultHeaders()

Returns the default headers used by this provider.

protected getDefaultHeaders() : array<string|int, mixed>

Typically this is used to set 'Accept' or 'Content-Type' headers.

Return values
array<string|int, mixed>

getDefaultScopes()

Returns the default scopes used by this provider.

protected getDefaultScopes() : array<string|int, mixed>
Tags
inheritdoc
Return values
array<string|int, mixed>

getOpenIdConfiguration()

protected getOpenIdConfiguration(string $tenant, string $version) : mixed
Parameters
$tenant : string
$version : string

getPkceMethod()

protected getPkceMethod() : string|null
Return values
string|null

getRandomPkceCode()

Returns a new random string to use as PKCE code_verifier and hashed as code_challenge parameters in an authorization flow.

protected getRandomPkceCode([int $length = 64 ]) : string

Must be between 43 and 128 characters long.

Parameters
$length : int = 64

Length of the random string to be generated.

Return values
string

getRandomState()

Returns a new random string to use as the state parameter in an authorization flow.

protected getRandomState([int $length = 32 ]) : string
Parameters
$length : int = 32

Length of the random string to be generated.

Return values
string

getScopeSeparator()

Returns the string that should be used to separate scopes when building the URL for requesting an access token.

protected getScopeSeparator() : string
Tags
inheritdoc
Return values
string

Scope separator, defaults to ','

getVersionUriInfix()

protected getVersionUriInfix(mixed $version) : mixed
Parameters
$version : mixed

parseJson()

Attempts to parse a JSON response.

protected parseJson(string $content) : array<string|int, mixed>
Parameters
$content : string

JSON content from response body

Tags
throws
UnexpectedValueException

if the content could not be parsed

Return values
array<string|int, mixed>

Parsed JSON data

parseResponse()

Parses the response according to its content-type header.

protected parseResponse(ResponseInterface $response) : array<string|int, mixed>
Parameters
$response : ResponseInterface
Tags
throws
UnexpectedValueException
Return values
array<string|int, mixed>

prepareAccessTokenResponse()

Prepares an parsed access token response for a grant.

protected prepareAccessTokenResponse(array<string, mixed> $result) : array<string|int, mixed>

Custom mapping of expiration, etc should be done here. Always call the parent method when overloading this method.

Parameters
$result : array<string, mixed>
Return values
array<string|int, mixed>

getValueByKey()

Returns a value by key using dot notation.

private getValueByKey(array<string|int, mixed> $data, string $key[, mixed|null $default = null ]) : mixed
Parameters
$data : array<string|int, mixed>
$key : string
$default : mixed|null = null

wrapResponse()

private wrapResponse(mixed $response) : mixed
Parameters
$response : mixed 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results