Thanks @meztez for the response.
I think I'm pretty close already - I just can't seem to specify where the plumber package (whether local or docker or RStudio Connect) constructs a redirect URI back to https://<host>/__docs__/oauth2-redirect.html.
When I set the API spec to:
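pr$setApiSpec(function(spec) {
  # Override the authorization URL of the azureoauth security scheme
  spec$components$securitySchemes$azureoauth$flows$authorizationCode$authorizationUrl <- 'https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize?redirect_uri=https://<HOST>/__docs__/oauth2-redirect.html'
  spec  # setApiSpec expects the modified spec to be returned
})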
And click authorize, I can see there are two distinct redirect_uri specified in the query:
https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize?redirect_uri=http://localhost:8100/__docs__/oauth2-redirect.html&response_type=code&client_id=<CLIENT_ID>&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2Foauth2-redirect.html&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=<SNIP>
My gut is that if I'm able to set the original redirect URI, then I'm golden.
Perhaps more reasonably, since plumber creates the /__docs__/ path, I think it would make sense to try to get that passed to the modal at that stage. Would this potentially fall into something that is a client-specific parameter? As the RStudio swagger package does provide the oauth2-redirect.html file, I'm trying to figure out where in either the RStudio/Swagger or RStudio/plumber package the setting of the redirect is specified (and how it's passed eventually to that specific Authorization modal).
Having something like this would be very useful, as we could authorize groups to access specific Azure resources, without also needing to pass that group via App Registration then Enterprise Application then RStudio Connect. If I'm not mistaken, I would think other plumber users would benefit as well with OAuth2 as an authentication mechanism.
As an aside, @Hong, I'm trying to figure out how to build AzureAuth into this as a filter to check the token's validity/refresh before passing it along to the endpoint as well. I'm trying to figure out how to get the redirect back to plumber - I think it's a bit of httpuv I'm trying to understand.
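
The duplicated redirect_uri in the request quoted above, checked in code (an added example, not part of the original post and not plumber or Swagger UI code): RFC 6749 section 3.1 says request parameters must not be included more than once, so an authorization URL can be audited for repeats before it is sent. The URL is constructed from the one in the post with placeholder tenant, client and state values; the registered redirect URI and the function names are assumptions.

```javascript
// Constructed sample mirroring the request in the post (placeholder IDs).
const SAMPLE_URL =
  "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize" +
  "?redirect_uri=http://localhost:8100/__docs__/oauth2-redirect.html" +
  "&response_type=code&client_id=CLIENT_ID" +
  "&redirect_uri=http%3A%2F%2Flocalhost%3A8100%2Foauth2-redirect.html" +
  "&scope=https%3A%2F%2Fgraph.microsoft.com%2FUser.Read&state=STATE";

// Assumption: the redirect URI registered for the app in the identity provider.
const REGISTERED_REDIRECT = "http://localhost:8100/__docs__/oauth2-redirect.html";

// Authorization request parameters defined by RFC 6749 section 4.1.1.
const OAUTH_PARAMS = ["response_type", "client_id", "redirect_uri", "scope", "state"];

// Returns one finding per OAuth parameter that appears more than once.
function auditAuthorizationUrl(rawUrl, registeredRedirect) {
  const url = new URL(rawUrl);
  const findings = [];
  for (const name of OAUTH_PARAMS) {
    const values = url.searchParams.getAll(name); // percent-decoded values
    if (values.length < 2) continue;
    const finding = {
      param: name,
      values,
      // Repeats that disagree leave the server to pick one (or reject both).
      conflicting: new Set(values).size > 1,
    };
    if (name === "redirect_uri") {
      // Redirect URIs are compared by exact string match against registration.
      finding.matchesRegistered = values.map((v) => v === registeredRedirect);
    }
    findings.push(finding);
  }
  return findings;
}

for (const f of auditAuthorizationUrl(SAMPLE_URL, REGISTERED_REDIRECT)) {
  console.log(`${f.param} sent ${f.values.length} times, conflicting=${f.conflicting}`);
  f.values.forEach((v, i) => console.log(`  [${i}] ${v}`));
}
```

Here the value placed in authorizationUrl and the value appended by the docs page both reach the server, and only the first matches the assumed registration.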