As developers, from time to time we are puzzled by simple questions:
How to discover Azure AD tenant ID based on Dynamics 365 organization URL?
Under the normal circumstances I would have put my condescending hat on (did I forget to take it off, again?) and say something like “Use AuthenticationParameters.CreateFromResourceUrlAsync method from ADAL, of course”. Except that in this instance the question was from the PHP developer working on a new version of php-crm-toolkit.
After asking some people, poking around with the irreplaceable Postman, and toying with the discovery API, etc, I’ve decided to adopt Occam’s razor approach.
Send this to the server:
GET /api/data/v9.0/ HTTP/1.1
Get a 401 reply with this header:
WWW-Authenticate Bearer authorization_uri=https://login.windows.net/ede123e5-dead-beef-dead-7ee8d5807f08/oauth2/authorize, resource_id=https://foobar.crm.dynamics.com/
The header contains all that you need to perform the authentication dance. Incidentally, according to David “Xrm.Tools” Yack, this approach is exactly how AuthenticationParameters.CreateFromResourceUrlAsync does the discovery under the hood.