With most UCWA applications you have to start somewhere and where better to start than Autodiscovery (or AutoDiscovery). By contacting the Autodiscover service in your Lync Server topology, it is possible to locate the user and xframe hrefs which are needed to begin the initial steps of UCWA. Depending on the Lync Server 2013 setup it is possible to see the Autodiscover service from a few locations:
In most typical setups you can ignore the http variants leaving just https://lyncdiscoverinternal.domain.com (internal) and https://lyncdiscover.domain.com (external). The general idea being try the internal location first (in the event that the application is running within the hosted environment) with a fallback the external location. A typical successful response appears as follows:
Reading the WWW-Authenticate headers it is possible to determine that the previous Lync Server has an OAuth Token service at https://lync.domain.com/WebTicket/oauthtoken supporting the following grant types: urn:microsoft.rtc:windows (Windows Login), urn:microsoft.rtc:anonmeeting, and password.
The xframe href leads to XFrame which is the conduit for cross-domain requests. The general intention is to embedded this into the Html page via an iframe and this can be achieved using the UCWA Helper libraries, specifically Transport.js -> injectFrame(...). Once the iframe is properly loaded making cross-domain requests is much simpler using Transport.js. A savvy user from creating their own stringified Json and doing a postMessage directly on the iframe, but it would require handling the onmessage for the host page.
One more thing...
You should really upgrade to Lync Server 2013 CU1!
Next in line is a look at Authentication including how to use each grant type.