Tip #1066: Discover Azure AD tenant ID with Occam’s razor

As developers, from time to time we are puzzled by simple questions:

How to discover Azure AD tenant ID based on Dynamics 365 organization URL?

Under normal circumstances I would have put my condescending hat on (did I forget to take it off, again?) and said something like “Use the AuthenticationParameters.CreateFromResourceUrlAsync method from ADAL, of course”. Except that in this instance the question was from a PHP developer working on a new version of php-crm-toolkit.

After asking some people, poking around with the irreplaceable Postman, toying with the discovery API, etc., I decided to adopt the Occam’s razor approach.

Send this to the server:
GET /api/data/v9.0/ HTTP/1.1
Host: foobar.crm.dynamics.com

Get a 401 reply with this header:
WWW-Authenticate: Bearer authorization_uri=https://login.windows.net/ede123e5-dead-beef-dead-7ee8d5807f08/oauth2/authorize, resource_id=https://foobar.crm.dynamics.com/

The header contains all that you need to perform the authentication dance. Incidentally, according to David “Xrm.Tools” Yack, this approach is exactly how AuthenticationParameters.CreateFromResourceUrlAsync does the discovery under the hood.
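The 401 arrives unauthenticated, so a client should check the challenge before acting on it. The following is an added example, not code from the original post or from php-crm-toolkit: it parses the sample header above, extracts the tenant ID, and rejects a challenge whose login host or resource does not match. The function names and the trusted-host list are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: login hosts this client is willing to trust; extend for
# sovereign clouds. Not taken from the original post.
TRUSTED_LOGIN_HOSTS = {"login.windows.net", "login.microsoftonline.com"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def parse_bearer_challenge(header_value):
    """Split 'Bearer k=v, k=v' into a dict; values may be quoted or bare."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^,\s]+))', params)
    return {k.lower(): quoted or bare for k, quoted, bare in pairs}


def discover_tenant(org_url, header_value):
    """Return (tenant_id, authorization_uri) after validating the challenge."""
    params = parse_bearer_challenge(header_value)
    auth = urlsplit(params.get("authorization_uri", ""))
    if auth.scheme != "https" or auth.hostname not in TRUSTED_LOGIN_HOSTS:
        raise ValueError("authorization_uri is not a trusted login endpoint")
    segments = [s for s in auth.path.split("/") if s]
    tenant = segments[0] if segments else ""
    if not GUID.match(tenant):
        raise ValueError("no tenant GUID in authorization_uri")
    # The challenge is unauthenticated, so confirm it names the
    # organization that was actually requested before using it.
    resource = urlsplit(params.get("resource_id", ""))
    if resource.hostname != urlsplit(org_url).hostname:
        raise ValueError("resource_id does not match the requested host")
    return tenant.lower(), auth.geturl()


# Header value copied from the post's sample 401 reply.
SAMPLE = ("Bearer authorization_uri=https://login.windows.net/"
          "ede123e5-dead-beef-dead-7ee8d5807f08/oauth2/authorize, "
          "resource_id=https://foobar.crm.dynamics.com/")

if __name__ == "__main__":
    print(discover_tenant("https://foobar.crm.dynamics.com", SAMPLE))
```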
