From 6f4404d790841a685351f98962b7a46e485a75db Mon Sep 17 00:00:00 2001
From: Marty McFly
Date: Thu, 25 Jun 2026 22:09:08 -0400
Subject: [PATCH] feat: support MOG_TENANT_ID env var for single-tenant Azure AD apps

Adds initAuthURL() that reads MOG_TENANT_ID environment variable to construct the OAuth2 endpoint URL. Falls back to /common/ when not set, maintaining backward compatibility. This enables mogcli to work with single-tenant Azure AD app registrations, which require tenant-specific OAuth endpoints instead of the /common/ multi-tenant endpoint.
---
 internal/graph/client.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/internal/graph/client.go b/internal/graph/client.go
index 8bf282b..6187375 100644
--- a/internal/graph/client.go
+++ b/internal/graph/client.go
@@ -10,6 +10,7 @@ import (
 "io"
 "net/http"
 "net/url"
+ "os"
 "strings"
 "time"
 
@@ -21,9 +22,18 @@ var (
 // It can be overridden for testing.
 GraphBaseURL = "https://graph.microsoft.com/v1.0"
 // AuthURL is the base URL for OAuth2 authentication.
- AuthURL = "https://login.microsoftonline.com/common/oauth2/v2.0"
+ // Supports MOG_TENANT_ID env var for single-tenant apps.
+ AuthURL = initAuthURL()
 )
 
+func initAuthURL() string {
+ tenant := os.Getenv("MOG_TENANT_ID")
+ if tenant == "" {
+ tenant = "common"
+ }
+ return "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0"
+}
+
 // Client defines the interface for Microsoft Graph API operations.
 type Client interface {
 Get(ctx context.Context, path string, query url.Values) ([]byte, error)
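Review bot: In `initAuthURL` the value of `MOG_TENANT_ID` is concatenated into the endpoint path with no trimming, escaping or validation, so a value carrying whitespace, `/`, `?` or `#` yields a different or malformed path for the authorization and token requests. The host stays fixed, so this is a robustness and misconfiguration risk rather than a redirect to another origin, but the failure would surface later as an opaque OAuth error. `net/url` and `strings` are already imported, so the minimal change is `tenant := url.PathEscape(strings.TrimSpace(os.Getenv("MOG_TENANT_ID")))`; stricter would be to accept only a GUID, a domain name, or the aliases `common`, `organizations` and `consumers`. Since `AuthURL` is a package-level initialiser, the variable is read once at program start, which deserves a doc comment such as `// initAuthURL reads MOG_TENANT_ID once at package initialisation; later changes to the environment are not picked up.`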