Dump Azure AD v2.0 Authentication Response

Q

How to build a PHP script to dump Azure AD 2.0 Authentication Response?

✍: FYIcenter.com

A

If you are use the Azure-AD-Authentication-Request-Test.html test Web form, you need to write a server side script to dump the Azure AD Authentication Response.

Here is an example of PHP script, openID_receiver.php, that dumps all attributes received in the Authentication Response:

<html><body><pre>
<?php 
$id_token = $_REQUEST["id_token"];
$code = $_REQUEST["code"];
$token = $_REQUEST["token"];
$state = $_REQUEST["state"];
$error = $_REQUEST["error"];
$error_description = $_REQUEST["error_description"];

echo "id_token: $id_token\n";
echo "code: $code\n";
echo "token: $token\n";
echo "state: $state\n";
echo "error: $error\n";
echo "error_description: $error_description\n";
?>
</pre></body></html>

Upload this script to your Web server, and use it as the redirect_uri value in the Azure-AD-Authentication-Request-Test.html test page.

Here is an example of output returned by openID_receiver.php with "response_type=id_token" in the request:

id_token: eyJ0eXAiOiJKV1Qi...eyJhdWQiOiJiMTRh...UJQrCA6qn2bXq57q...
code: AQABAAIAAACJnLyvTTQE_LkX_Hd1_HKVGtHVJwp0r3ToIvBMns4dpW31lq...
token: 
state: yyyyyy
error: 
error_description:

See other tutorials on how to decode and validate "id_token" and "code" values.

⇒ Build Implicit Flow with Azure AD v2

⇐ Azure AD v2 Authentication Request Test Page

⇑ Azure AD Integration v2.0

⇑⇑ OpenID Tutorials

2019-04-03, 31🔥, 0💬

Adding Claims in Azure AD v2 id_token
How to include additional claims in Azure AD v2.0 id_tokens? If you want to include additional claims in Azure AD v2.0 id_tokens, you need to modify your application registration in Azure AD. 1. Log in the Azure portal. 2. Select the Azure Active Directory service, and then select App registrations ... 2019-03-27, ∼6730🔥, 0💬

Build Implicit Flow with Azure AD v2
How to implement the OpenID Implicit Flow with Azure AD v2.0 service? If you want to implement the OpenID Implicit Flow in your Web application to use Azure AD service, you should follow these steps: 1. Building the Azure AD v2.0 Sign-on authentication request: Register your Web application to the A... 2019-04-03, ∼2081🔥, 0💬

Azure AD v2 id_token Decoded Example
Where to find an Azure AD v2.0 id_token decoded example? Here is an example of an "id_token" value returned from Azure AD v2.0 after Base64URL decoded: Header = { "typ": "JWT", "alg": "RS256", "kid": "1LTMzakihiRla_8z2BEJVXeWMqo" } Body = { "ver": "2.0", "iss": "https://login.microsoftonline .com/918... 2019-04-03, ∼1825🔥, 0💬

Decode Azure AD v2 id_token
How to decode the id_token value received from Azure AD v2.0 authentication response? According to the "RFC 7519 - JWT (JSON Web Token)" standard, the "id_token" value received from Azure AD authentication response should be decoded as below: Splitting the encoded string into 3 components: Header, B... 2019-04-03, ∼1794🔥, 0💬

Azure AD v2 Error: Invalid Reply URL
Why Azure AD v2.0 display this error message: AADSTS50011: The reply url specified in the request does not match the reply URLsconfigured for the application? The root cause of this error is that you forgot the add the "redirect_uri" in your authentication request to Application ID settings on Azure... 2019-05-03, ∼1772🔥, 0💬

Process Azure AD v2 Authentication Request
How to the Azure AD v2.0 Sign-On Authentication Request is process by Azure AD service? When Azure AD service receives a Sign-On Authentication Request from an end user's Web browser, it will: Verify if the "client_id" value in the request is valid. If not, display an error message page to the end u... 2019-05-03, ∼1499🔥, 0💬

Azure AD v2 id_token Is Smaller
Where Azure AD v2.0 id_token is smaller than v1.0? Azure AD v2.0 id_token is smaller than v1.0, because the number of default claims (properties) are reduced in Azure AD v2.0 id_tokens as shown in the table below: Azure AD v2.0 Azure AD v1.0 ver=2.0 ver=1.0 rh iss iss sub sub aud aud exp exp iat iat... 2019-04-03, ∼1497🔥, 0💬

Authentication Response Received from Azure AD v2
How to process the authentication response received from Azure AD v2.0 service after sending a sign-on authentication request? After Azure AD v2.0 service receives a sign-on authentication request from the end user's Web browser, it will process the request and redirect the Web browser to the "redir... 2019-05-03, ∼1435🔥, 0💬

Initiate Azure AD v2 Authentication Request
How to initiate Azure AD v2.0 Sign-On Authentication Request? The Azure AD v2.0 Sign-On Authentication Request must be initiated from the end user's Web browser, because the Azure AD service needs to communicate with the Web browser to make sure that the end user is signed on to an AD (Active Direct... 2019-05-03, ∼1432🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.