ClientCertificateCredential
in package
implements
TokenCredential
FinalYes
Authenticates a Microsoft Entra service principal with a client certificate.
Table of Contents
Interfaces
- TokenCredential
- Defines how an Azure credential obtains access tokens.
Properties
- $clientCertificatePassword : string|null
- $clientCertificatePath : string
- $clientId : string
- $options : ClientCertificateCredentialOptions
- $tenantId : string
Methods
- __construct() : mixed
- getToken() : AccessToken
- Requests an access token for the supplied OAuth scopes.
- assertRsaKey() : void
- base64UrlEncode() : string
- createClientAssertion() : string
-
loadCertificateMaterial()
: OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: list
} -
loadPemCertificateMaterial()
: OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: list
} -
loadPkcs12CertificateMaterial()
: OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: list
} - parseCertificateDerFromPem() : array<int, string>
- Parse PEM content and return DER-encoded bytes for each certificate found.
Properties
$clientCertificatePassword read-only
private
string|null
$clientCertificatePassword
= null
$clientCertificatePath read-only
private
string
$clientCertificatePath
$clientId read-only
private
string
$clientId
$options read-only
private
ClientCertificateCredentialOptions
$options
= new ClientCertificateCredentialOptions()
$tenantId read-only
private
string
$tenantId
Methods
__construct()
public
__construct(string $tenantId, string $clientId, string $clientCertificatePath[, string|null $clientCertificatePassword = null ][, ClientCertificateCredentialOptions $options = new ClientCertificateCredentialOptions() ]) : mixed
Parameters
- $tenantId : string
-
Microsoft Entra tenant ID.
- $clientId : string
-
Application (client) ID.
- $clientCertificatePath : string
-
Path to PEM or PKCS#12 certificate material.
- $clientCertificatePassword : string|null = null
-
Password for encrypted certificate material.
- $options : ClientCertificateCredentialOptions = new ClientCertificateCredentialOptions()
getToken()
Requests an access token for the supplied OAuth scopes.
public
getToken(TokenRequestContext $context) : AccessToken
Parameters
- $context : TokenRequestContext
Return values
AccessTokenassertRsaKey()
private
assertRsaKey(OpenSSLAsymmetricKey $key) : void
Parameters
- $key : OpenSSLAsymmetricKey
base64UrlEncode()
private
base64UrlEncode(string $data) : string
Parameters
- $data : string
Return values
stringcreateClientAssertion()
private
createClientAssertion() : string
Return values
stringloadCertificateMaterial()
private
loadCertificateMaterial() : OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: list}
Return values
OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: listloadPemCertificateMaterial()
private
loadPemCertificateMaterial(string $pemContents) : OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: list}
Parameters
- $pemContents : string
Return values
OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: listloadPkcs12CertificateMaterial()
private
loadPkcs12CertificateMaterial(string $pkcs12Contents) : OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: list}
Parameters
- $pkcs12Contents : string
Return values
OpenSSLAsymmetricKey, leafCertificateDer: string, certificateChainDer: listparseCertificateDerFromPem()
Parse PEM content and return DER-encoded bytes for each certificate found.
private
parseCertificateDerFromPem(string $pemContents) : array<int, string>
Parameters
- $pemContents : string