Connect to Azure Active Directory from PHP Web Application

Authenticating a PHP Web App with Azure Active Directory and Azure Mobile Services

One option would be to have your PHP app serve a page using the Mobile Services JavaScript SDK and have it perform the login.

You'll get the same token that you would in your mobile app. To your question on authorization, as long as you're making subsequent backend calls through the Mobile Service, you will get the exact same authorization rules as you have defined on that service.

The token will be client-bound, and you'll likely want to get it back to your server for making calls. The actual Mobile Services token is located in client.currentUser.authenticationToken, and you can set this as a cookie in the JavaScript code and then retrieve it on your PHP backend in a subsequent call.

Calls to the Mobile Service (via the REST API) from your PHP backend just need this token set in the X-ZUMO-AUTH header.

This approach should work for all providers, including AAD. MFA should not be a problem in this case.

Azure B2C integration with PHP

To deploy the PHP Web Application using Azure AD B2C, follow the steps below:

  • Install PHP and Laravel (its web framework).

  • Create a Web App in the Azure Portal B2C blade, noting the Client ID and Client Secret from the Application.

  • Clone and customize the source code from github: git clone https://github.com/Azure-Samples/active-directory-b2c-php-webapp-openidconnect.git

  • Download the latest version of the PHP security library into your repo.

  • To deploy into Azure, you need to set up the Deployment settings by selecting Local Git Repository and setting up the username and password for deployment.

  • The git init and git remote add azure [deployment url] commands are used to set up deployment to Azure.

  • git push azure master to deploy online.

  • Instead of depending on their own code, developers can rely on B2C for consumer sign up and sign in.

  • Using OpenID Connect, we can validate the authentication token of the users connected with the Azure B2C of the PHP Web Application.

Please refer to this GitHub article for code and more information.

Azure Active Directory MFA

If you have not already registered the PHP app in Azure AD, do so as below:
Quickstart: app registration - general - Microsoft identity platform | Microsoft Docs

Go to App registrations in Azure AD.

  1. Set the Redirect URI, like https://your.domain.name/oauth.php
  2. Copy the client ID and tenant ID to paste into _OAUTH_TENANTID and _OAUTH_CLIENTID in config.inc.
  3. On the Certificates & secrets page, add a new secret and copy its value; it cannot be accessed later, so copy it when created.
  4. Paste this into _OAUTH_SECRET within config.inc. Make sure _OAUTH_METHOD contains 'secret'.

You can see detailed info here in Katy's Tech Blog.

See PHP Azure AD login with demo site (using OAuth) - GitHub reference for code configuration details.

For including multi-factor authentication (MFA):

  • You may go to Azure AD > Enterprise apps, check for the app you
    have just registered, and create a policy to include an MFA requirement,
    which asks users for additional authentication with the methods you
    enable, like SMS, phone call, etc.


Or you can go directly to Conditional Access and select the app required while creating the access policy.


After everything is set up in Conditional Access, make sure to enable the policy and save, to start authenticating with Azure AD requiring MFA.

Also check references:

  1. Azure AD authentication with PHP using Microsoft Graph: a single PHP page
  2. Deployment considerations for Azure AD Multi-Factor Authentication | Microsoft Docs
  3. Integrate Azure Multi-Factor-Authentication in website to authenticate its users - Stack Overflow
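A worked version of the oauth.php handler that the registration steps above configure, as an added example and not code from Katy's blog or the GitHub demo site: it assumes config.inc defines the _OAUTH_TENANTID (tenant GUID), _OAUTH_CLIENTID and _OAUTH_SECRET constants named above, that https://your.domain.name/oauth.php is the registered Redirect URI, and uses the Microsoft identity platform v2.0 endpoints.

```php
<?php
// Added example, not code from the linked blog or repository: a minimal oauth.php
// implementing the authorization-code flow against the v2.0 endpoints. Assumes
// config.inc defines _OAUTH_TENANTID (tenant GUID), _OAUTH_CLIENTID and _OAUTH_SECRET,
// and that https://your.domain.name/oauth.php is the registered Redirect URI.
require_once __DIR__ . '/config.inc';
session_start();
$redirectUri = 'https://your.domain.name/oauth.php';
$authority   = 'https://login.microsoftonline.com/' . _OAUTH_TENANTID;
$scope       = 'openid profile email';

if (!isset($_GET['code'])) {
    // Step 1: redirect to Azure AD. state and nonce are random, kept server-side
    // and checked on return so a forged or replayed callback is rejected.
    $_SESSION['oauth_state'] = bin2hex(random_bytes(16));
    $_SESSION['oauth_nonce'] = bin2hex(random_bytes(16));
    $params = ['client_id' => _OAUTH_CLIENTID, 'response_type' => 'code',
        'redirect_uri' => $redirectUri, 'response_mode' => 'query', 'scope' => $scope,
        'state' => $_SESSION['oauth_state'], 'nonce' => $_SESSION['oauth_nonce']];
    header('Location: ' . $authority . '/oauth2/v2.0/authorize?' . http_build_query($params));
    exit;
}
// Step 2: callback. Refuse unless state equals the value this session issued.
if (!isset($_GET['state'], $_SESSION['oauth_state'])
    || !hash_equals($_SESSION['oauth_state'], (string) $_GET['state'])) {
    http_response_code(400); exit('invalid state');
}
unset($_SESSION['oauth_state']);
// Step 3: back-channel code exchange; the client secret never reaches the browser.
$ch = curl_init($authority . '/oauth2/v2.0/token');
curl_setopt_array($ch, [CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => http_build_query(['grant_type' => 'authorization_code',
        'code' => $_GET['code'], 'redirect_uri' => $redirectUri, 'scope' => $scope,
        'client_id' => _OAUTH_CLIENTID, 'client_secret' => _OAUTH_SECRET])]);
$resp = json_decode((string) curl_exec($ch), true);
curl_close($ch);
if (empty($resp['id_token'])) { http_response_code(502); exit('token exchange failed'); }
// Step 4: the id_token arrived over TLS directly from the token endpoint, so the
// claims are checked here: issuer, audience, expiry and nonce must all match.
$payload = explode('.', $resp['id_token'])[1];
$claims  = json_decode(base64_decode(strtr($payload, '-_', '+/')), true) ?: [];
if (($claims['iss'] ?? '') !== $authority . '/v2.0' || ($claims['aud'] ?? '') !== _OAUTH_CLIENTID
    || ($claims['exp'] ?? 0) < time()
    || !hash_equals($_SESSION['oauth_nonce'], (string) ($claims['nonce'] ?? ''))) {
    http_response_code(401); exit('id_token rejected');
}
unset($_SESSION['oauth_nonce']);
session_regenerate_id(true);   // new session id after login blocks session fixation
$_SESSION['user'] = $claims['preferred_username'] ?? $claims['sub'];
```

MFA is enforced by the Conditional Access policy on the Azure AD side during the redirect in step 1, so the handler needs no change for it.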
