I am able to use OAuth2 to authenticate using the mechanism described here: http://msdn.microsoft.com/en-us/library/azure/dn645542.aspx - my intention is to allow my 3rd party WebApp to allow users to grant access to their SharePoint content via Azure OAuth. I am able to use the login.windows.net/common/oauth2 endpoints, and having registered my app in Azure, I do indeed get the right callback once the user authenticates, and I am able to post to the token endpoint.
At this point, I have an auth-token that I can use, but I don't know the URL to the user's default (or root) SharePoint site. I am required to provide a 'resource' URI so that authentication can succeed, and if I hard-code this value to a known URL, then it works like a charm. Unfortunately, this makes my application specific to one particular tenant. Far from ideal...
My question is - how can I detect the SharePoint URL to use as the resource parameter for access - before the user logs in? Or even better - is there a way to log in using OAuth2 that allows me access to SharePoint endpoints, but which does not require me to know what the endpoints are ahead of time? If not, I don't see how it is possible to write multi-tenant applications with this model. I must be missing something.
Just to clarify the discussion, I can properly authenticate and read SharePoint data through the Azure authentication entry point and the SharePoint 2013 REST API - if I hard-code the resource URL. If I want to access a different tenant, I have to re-run my code with a different hard-coded resource URL. So, just to be painfully clear - this does not seem to be a problem authenticating or using the APIs so much as detecting the correct resource URL halfway through the authentication flow so that I can actually log in to more than one tenancy.
(originally posted in Azure discussion list, and now moved to here)
Help!