Here's the project: An application installed on my local computer receives requests from external sources (say, web requests). These requests will allow the end-user to view a list of SharePoint Sites, available documents, etc. The local application is a daemon, therefore it won't use user credentials but rather its own appID+secretID to get authorization from the Azure AD.
I've done some testing (and a huge amount of reading!) and I think I have all the proper pieces in place to start doing some actual testing.
Before I can start testing, however, I need one of our Azure admins to register my app in Azure, which is a simple enough process. We did it together in our "lab" environment, which is distinct from the live site the entire organization uses. The problem I have is that I haven't found any reference anywhere describing how I can then point the daemon application to the lab server instead of to the official one.
All the authorization endpoints point to something like
https://login.microsoftonline.com/common/oauth2/token
so when I pass my appID+secretID, I get messages stating the application could not be found... which kinda makes sense since the application is only registered on our test server. Is there any way for me to set those endpoints to look somewhere else? I would assume the {tenantID} component in the URL (which is set to "common" in the above example) would allow me to direct Graph to search for the application on a different Azure instance... but I can't find any documentation explaining what the options are, if any.
I guess the larger question is: how do we set up a DTAP environment that allows me to perform tests on a test system rather than on the live one?
You need to specify either the tenant's object id, or one of its registered domains.
So for instance:
https://login.microsoftonline.com/company.com/oauth2/token
https://login.microsoftonline.com/directoryname.onmicrosoft.com/oauth2/token
This will give you a token valid in that tenant.
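The tenant-specific request described in this answer, as an added example that is not part of the original post. The function names, the Graph `resource` value and the sample tenant values are assumptions made for illustration. The sketch builds the client-credentials request against a named tenant and checks the `tid` claim of a returned token, so a lab daemon can confirm it is not holding a token from the live tenant.

```python
import base64, json, re, urllib.parse, urllib.request

AUTHORITY = "https://login.microsoftonline.com"
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def token_endpoint(tenant):
    """Return the token endpoint for one tenant (object id or registered domain)."""
    tenant = tenant.strip().lower()
    if tenant in MULTI_TENANT_ALIASES:
        raise ValueError(f"{tenant!r} is not a specific tenant; use its id or a domain")
    if not (GUID.match(tenant) or DOMAIN.match(tenant)):
        raise ValueError(f"not a tenant id or domain: {tenant!r}")
    return f"{AUTHORITY}/{tenant}/oauth2/token"

def build_token_request(tenant, client_id, client_secret,
                        resource="https://graph.microsoft.com"):  # assumed resource
    """Build (but do not send) the client-credentials POST for that tenant."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }).encode()
    return urllib.request.Request(token_endpoint(tenant), data=body, method="POST")

def token_tenant_id(access_token):
    """Read the 'tid' claim from the JWT payload. No signature check is done here."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["tid"]

def assert_issued_by(access_token, expected_tenant_id):
    """Fail loudly if the token came from a tenant other than the expected one."""
    tid = token_tenant_id(access_token)
    if tid.lower() != expected_tenant_id.lower():
        raise RuntimeError(f"token issued by tenant {tid}, expected {expected_tenant_id}")
    return tid

if __name__ == "__main__":
    # Constructed sample values; take the real secret from a vault or environment.
    req = build_token_request("directoryname.onmicrosoft.com", "app-id", "app-secret")
    print(req.get_method(), req.full_url)
```

Keeping one tenant value and one appID+secretID pair per environment in configuration lets the same daemon build run against the lab tenant or the live one.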