Several questions about Azure App Roles and PHP.
As I understand it, I can get the app roles either by REST API or Microsoft Graph. I was hoping to use the API route and found some posts on Stack Overflow that help, but I'm not there yet.
I am hoping to set up the request in Postman, get it working, then export the PHP code (cURL). The ultimate goal is to set up roles for my app service for different levels of access determined by role.
The GET request URL I am using is (with subscription ID filled in):
https://management.azure.com/subscriptions/SUBSCRIPTIONID/resourceGroups/myresourcegroup1/providers/Microsoft.Authorization/roleAssignments?api-version=2022-04-01&$filter=atScope()
I get Authentication Failed because I don’t really understand how to authenticate into Azure to process this request – I’ve seen someone using a bearer token, but I’m not sure how to do that, or where the bearer token comes from?
I’ve done a fair bit of reading and will continue to but wanted to post this in case someone has some sample PHP code, information on bearer tokens, or can offer any help regarding postman.
Thanks!
I’ve tried using Postman but can’t authenticate.
2 Answers
Create an Azure AD application and grant API permissions:
Based on your requirement you can select any of the token grant flows to authenticate. Refer to this MS Doc.
For example, I used the Client Credentials flow with the parameters below via Postman:
Note that you must assign the Reader role to the application to call the API. Using the access token, I am able to call the API successfully like below:
References:
GitHub – CoasterKaty/PHPAzureADoAuth: PHP Azure AD login with demo site (using oAuth) by CoasterKaty
Can Azure AD OAuth client credentials flow permissions be limited to specific mailboxes? – Stack Overflow by me
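The two steps from the answer above in PHP cURL, as an added example that is not code from the original question or answer: the client credentials request for a bearer token, then the roleAssignments GET from the question with that token. Tenant, client ID, secret and the `azureRequest` helper are assumptions; the scope `https://management.azure.com/.default` matters because Azure Resource Manager rejects a token issued for any other audience.

```php
<?php
declare(strict_types=1);

// Placeholder values (constructed); the app registration must hold the Reader role on the scope.
$tenantId       = 'TENANT_ID';
$clientId       = 'CLIENT_ID';
$clientSecret   = getenv('AZURE_CLIENT_SECRET') ?: 'CLIENT_SECRET'; // keep the secret out of source
$subscriptionId = 'SUBSCRIPTIONID';
$resourceGroup  = 'myresourcegroup1';

// Hypothetical helper: send an HTTPS request with cURL, decode the JSON body, fail loudly on errors.
function azureRequest(string $url, array $headers, ?string $postBody = null): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => $headers,
        CURLOPT_SSL_VERIFYPEER => true, // do not disable TLS verification to "fix" auth errors
    ]);
    if ($postBody !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postBody); // makes the request a POST
    }
    $raw    = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $err    = curl_error($ch);
    curl_close($ch);
    if ($raw === false) {
        throw new RuntimeException("cURL error: $err");
    }
    $json = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    if ($status >= 400) { // ARM answers {"error":{"code":...,"message":...}}; surface it
        throw new RuntimeException("HTTP $status: " . ($json['error']['message'] ?? $raw));
    }
    return $json;
}

// Step 1: client credentials flow. The scope fixes the token audience to Azure Resource Manager.
$token = azureRequest(
    "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token",
    ['Content-Type: application/x-www-form-urlencoded'],
    http_build_query(['grant_type' => 'client_credentials', 'client_id' => $clientId,
        'client_secret' => $clientSecret, 'scope' => 'https://management.azure.com/.default'])
)['access_token'];

// Step 2: the GET from the question. Single quotes stop PHP from interpolating $filter.
$url = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup"
     . '/providers/Microsoft.Authorization/roleAssignments?'
     . http_build_query(['api-version' => '2022-04-01', '$filter' => 'atScope()']);
foreach (azureRequest($url, ["Authorization: Bearer $token"])['value'] as $a) {
    $p = $a['properties'];
    printf("%s -> %s (%s)\n", $p['principalId'], basename($p['roleDefinitionId']), $p['principalType'] ?? '');
}
```

Run it with `php listroles.php` after exporting `AZURE_CLIENT_SECRET`; an HTTP 401 or 403 message from `azureRequest` tells you whether the token audience or the missing Reader role assignment is the problem.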
Thanks @Rukmini – I was finally able to get back to this…the first part I was able to get working in Postman! I got the bearer token!
But the second part (getting the roles), I am getting an "Authentication Failed" in Postman while trying to use that bearer token…still working on it, but not sure what would cause this error.