For OAuth 2.0 flow for OneDrive for Business, should one use: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
As well as passing along a scope?
According to this MS blog post, onedrive, onedrive for business, etc should be able to use this new V2 OAuth 2.0 flow: https://blogs.msdn.microsoft.com/richard_dizeregas_blog/2015/09/04/working-with-the-converged-azure-ad-v2-app-model/
Or, should it be: https://login.microsoftonline.com/common/oauth2/authorize
And have permissions set up in AAD for the application?
When using the former (v2 OAuth), I keep getting errors saying my scopes are invalid: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope offline_access onedrive.readwrite is not valid.
When using the latter I keep getting the following error: unauthorized_client AADSTS70001: Application 'xxxx' is not supported for this API version. Trace ID: d5d359ad-2e6b-468d-9a95-df51656e9cc9
I have OneDrive working for user accounts using the live APIs, but since they are deprecated and it looks like the user and business OneDrive accounts should use the newer APIs, this is getting confusing.
Thanks for any assistance.