We have an O365 tenant, everything is configured out of the box. The tenant is placed in the German cloud and not in global (office.de). We also developed an Office Add-in that authorize access to sharepoint using OAuth 2.0. First, we initiate a request for a code to this url:
http://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=client_id&redirect_uri=redirect_uri&state=state
and we get all values back including the code. Then, we initiate a request for the Discovery Service to discover the services using this url:
https://login.windows.net/common/oauth2/token?client_id=client_id&redirect_uri=redirect_uri&resource=https://api.office.com/discovery/&grant_type=authorization_code&code=code
In the global cloud everything is ok and we get the list of services we need but in the German cloud we get the following error:
{ "error": "invalid_grant", "error_description": "AADSTS90051: Invalid Delegation Token. Invalid national Cloud ID (1) is specified.\r\nTrace ID: 52f8aa2b-9f98-4ba6-b778-c0ba484a3c00\r\nCorrelation ID: 67100192-82c8-41ea-a5ca-fd9872caaf2e\r\nTimestamp: 2018-02-08 06:31:18Z", "error_codes": [ 90051 ], "timestamp": "2018-02-08 06:31:18Z", "trace_id": "52f8aa2b-9f98-4ba6-b778-c0ba484a3c00", "correlation_id": "67100192-82c8-41ea-a5ca-fd9872caaf2e" }
The same error occurs when we try to change the url to https://login.windows.de/common/oauth2/token
