Is it possible use the AAD-based "api" for authorization/token issuing (with refresh tokens) using a management port/token ? much as folks use the ACS-based API similarly (though it has no refresh token support)
I ask as I've managed to dominate the OWIN code for making authorization servers, seeing clearly how the callback classes that might issue an access token can handoff such work ... to ACS. Similarly, I see how ACS's api for checking service principal names/passwords can be used in "OWIN's" authorization middleware whose clientcredentialsgrant callbacks might leverage such a supproting API.
Now comes the question.... rather than use ACS in this role, is there an management port/API exposed by AAD, instead?
That is we dont want the oauth2 endpoints of AAD itself (that come bound up with policy). We want the API underlying those endpoints, so we can wrap our own policy into our own authorization/token endpoints (but AAD does the grunt work, much as ACS does grunt work to do with grants, grant management etc....)