I'm working on a multi-tenant connected app and running into trouble with deployment/publishing. The app performs OAuth via the Web Server Flow described in documentation (https://help.salesforce.com/apex/HTViewHelpDoc?id=remoteaccess_oauth_web_server_flow.htm&language=en_US). I used the https://login.salesforce.com authorize endpoint, which worked just fine with localhost Callback URLs (even worked multi-tenant). However, it no longer works with the web app deployed to a production web server. I get the following error:

error=invalid_client_id&error_description=client%20identifier%20invalid

Based on some additional investigation, I saw guidance on using an instance-specific authorize endpoint (ex: https://na34.salesforce.com). I tried this and it WORKS, but only for the host tenant and clearly isn't multi-tenant (my other tenant is on instance na24). What do I need to do to have my connected app work across any salesforce organization? Documentation is lacking...I only found one small mention of packaging connected apps HERE (https://help.salesforce.com/apex/HTViewHelpDoc?id=connected_app_edit.htm&language=en_US)