Authenticating a PHP Web App with Azure Active Directory and Azure Mobile Services

6
votes

I've got an existing mobile app that is integrated with Azure's mobile services. The mobile services are currently connected to Azure Active Directory with MFA enabled. I'm attempting to build a separate PHP-based web application that uses this existing mobile service and authentication.

Authentication

The only active directory of users is the cloud-based AAD. There is no local version and no office 365. After doing a lot of research, it appears PHP can integrate using SAML. However, there are either no PHP samples Azure Active Directory Code Samples or they're tied to Office 365 azure-sdk-for-php-samples.

How can I authenticate my users against AAD via the web-app?

Authorization

Once a user has been authenticated, how can I ensure that user has the same access levels as the user via the mobile service?

1
azureazure-mobile-servicesazure-active-directory
this looks related github.com/AzureADSamples/…hanshenrik

1 Answers

5
votes

One option would be to have your PHP app serve a page using the Mobile Services JavaScript SDK and have it perform the login.

You'll get the same token that you would in your mobile app. To your question on authorization, as long as you're making subsequent backend calls through the Mobile Service, you will get the exact same authorization rules as you have defined on that service.

The token will be client-bound, and you'll likely want to get it back to your server for making calls. The actual Mobile Services token is located in client.currentUser.authenticationToken, and you can set this as a cookie in the javascript code and then retrieve it on your PHP backend in a subsequent call.

Calls to the Mobile Service (via the REST API) from your PHP backend just need this token set in the X-ZUMO-AUTH header.

This approach should work for all providers, including AAD. MFA should not be a problem in this case.