@mcp-consultant-tools/azure-b2c 22.0.0-beta.4

package/README.md

@@ -0,0 +1,123 @@
+# @mcp-consultant-tools/azure-b2c
+
+MCP server for Azure AD B2C user management via Microsoft Graph API.
+
+## Features
+
+- **User Management**: List, search, get user details
+- **Group Operations**: List groups, get memberships
+- **Password Reset**: Reset passwords, force change on next login
+- **User Lifecycle**: Create, update, and delete users
+- **Granular Security**: Separate flags for each write operation type
+
+## Installation
+
+```bash
+npm install @mcp-consultant-tools/azure-b2c
+```
+
+## Configuration
+
+### Required Environment Variables
+
+```bash
+AZURE_B2C_TENANT_ID=your-tenant.onmicrosoft.com  # or tenant GUID
+AZURE_B2C_CLIENT_ID=app-registration-client-id
+AZURE_B2C_CLIENT_SECRET=app-registration-secret
+```
+
+### Optional Security Flags
+
+All write operations are disabled by default. Enable only what you need:
+
+```bash
+AZURE_B2C_ENABLE_PASSWORD_RESET=true   # Enable password reset tools
+AZURE_B2C_ENABLE_USER_CREATE=true      # Enable user creation/update
+AZURE_B2C_ENABLE_USER_DELETE=true      # Enable user deletion (dangerous!)
+```
+
+### Optional Settings
+
+```bash
+AZURE_B2C_MAX_RESULTS=100              # Max users/groups per request
+```
+
+## Azure Setup Requirements
+
+1. **Create App Registration** in your B2C tenant
+2. **Add API Permissions** (Application type):
+   - `User.ReadWrite.All`
+   - `Directory.ReadWrite.All` (for group operations)
+3. **Grant Admin Consent** for the permissions
+4. **Assign Role**: Add "User Administrator" role to the app's service principal
+
+## Tools (11)
+
+### Read-Only (Always Enabled)
+
+| Tool | Description |
+|------|-------------|
+| `b2c-list-users` | List users with optional filtering |
+| `b2c-get-user` | Get user by ID or email |
+| `b2c-search-users` | Search by name, email |
+| `b2c-list-groups` | List all groups |
+| `b2c-get-user-groups` | Get groups for a user |
+| `b2c-get-group-members` | Get members of a group |
+
+### Password Operations (Requires `AZURE_B2C_ENABLE_PASSWORD_RESET=true`)
+
+| Tool | Description |
+|------|-------------|
+| `b2c-reset-user-password` | Set new password |
+| `b2c-force-password-change` | Force change on next login |
+
+### User Creation (Requires `AZURE_B2C_ENABLE_USER_CREATE=true`)
+
+| Tool | Description |
+|------|-------------|
+| `b2c-create-user` | Create new local account |
+| `b2c-update-user` | Update user profile |
+
+### User Deletion (Requires `AZURE_B2C_ENABLE_USER_DELETE=true`)
+
+| Tool | Description |
+|------|-------------|
+| `b2c-delete-user` | Delete user (irreversible!) |
+
+## Prompts (2)
+
+| Prompt | Description |
+|--------|-------------|
+| `b2c-user-overview` | Formatted user profile with groups |
+| `b2c-tenant-summary` | Tenant statistics |
+
+## Usage Example
+
+### MCP Client Configuration
+
+```json
+{
+  "mcpServers": {
+    "azure-b2c": {
+      "command": "npx",
+      "args": ["@mcp-consultant-tools/azure-b2c"],
+      "env": {
+        "AZURE_B2C_TENANT_ID": "contoso.onmicrosoft.com",
+        "AZURE_B2C_CLIENT_ID": "your-client-id",
+        "AZURE_B2C_CLIENT_SECRET": "your-secret",
+        "AZURE_B2C_ENABLE_PASSWORD_RESET": "true"
+      }
+    }
+  }
+}
+```
+
+## Important Notes
+
+- **Local Accounts Only**: Password operations only work for local B2C accounts, not federated/social accounts
+- **Password Requirements**: Passwords must be 8-256 characters with at least 3 of: lowercase, uppercase, digit, symbol
+- **Deletion is Permanent**: The delete operation cannot be undone
+
+## License
+
+MIT

package/build/AzureB2CService.d.ts

@@ -0,0 +1,231 @@
+/**
+ * Azure AD B2C Integration
+ *
+ * Provides user management capabilities for Azure AD B2C tenants via Microsoft Graph API.
+ * Supports user listing, search, password management, and group operations.
+ *
+ * Security Model:
+ * - Read-only operations: Always enabled (list, get, search users/groups)
+ * - Password operations: Requires AZURE_B2C_ENABLE_PASSWORD_RESET=true
+ * - User creation: Requires AZURE_B2C_ENABLE_USER_CREATE=true
+ * - User deletion: Requires AZURE_B2C_ENABLE_USER_DELETE=true
+ *
+ * Authentication:
+ * - Uses Microsoft Graph API with client credentials flow
+ * - Requires app registration with User.ReadWrite.All permission
+ * - App must have "User Administrator" role for password operations
+ */
+/**
+ * Azure B2C user representation
+ */
+export interface B2CUser {
+    id: string;
+    displayName: string;
+    givenName?: string;
+    surname?: string;
+    userPrincipalName: string;
+    mail?: string;
+    otherMails?: string[];
+    identities?: B2CIdentity[];
+    accountEnabled: boolean;
+    createdDateTime?: string;
+    lastSignInDateTime?: string;
+    jobTitle?: string;
+    department?: string;
+    mobilePhone?: string;
+    city?: string;
+    country?: string;
+}
+/**
+ * B2C Identity (local or federated)
+ */
+export interface B2CIdentity {
+    signInType: string;
+    issuer: string;
+    issuerAssignedId: string;
+}
+/**
+ * B2C Group representation
+ */
+export interface B2CGroup {
+    id: string;
+    displayName: string;
+    description?: string;
+    mailEnabled: boolean;
+    securityEnabled: boolean;
+    memberCount?: number;
+}
+/**
+ * Password profile for user creation/update
+ */
+export interface PasswordProfile {
+    password: string;
+    forceChangePasswordNextSignIn: boolean;
+}
+/**
+ * User creation request
+ */
+export interface CreateUserRequest {
+    displayName: string;
+    identities: B2CIdentity[];
+    passwordProfile: PasswordProfile;
+    givenName?: string;
+    surname?: string;
+    jobTitle?: string;
+    department?: string;
+    mobilePhone?: string;
+    city?: string;
+    country?: string;
+}
+/**
+ * User update request
+ */
+export interface UpdateUserRequest {
+    displayName?: string;
+    givenName?: string;
+    surname?: string;
+    jobTitle?: string;
+    department?: string;
+    mobilePhone?: string;
+    city?: string;
+    country?: string;
+    accountEnabled?: boolean;
+}
+/**
+ * Azure B2C service configuration
+ */
+export interface AzureB2CConfig {
+    tenantId: string;
+    clientId: string;
+    clientSecret: string;
+    enablePasswordReset: boolean;
+    enableUserCreate: boolean;
+    enableUserDelete: boolean;
+    maxResults?: number;
+    cacheUsersTTL?: number;
+}
+/**
+ * Tenant summary information
+ */
+export interface TenantSummary {
+    tenantId: string;
+    userCount: number;
+    groupCount: number;
+    enabledUserCount: number;
+    disabledUserCount: number;
+    localAccountCount: number;
+    federatedAccountCount: number;
+}
+export declare class AzureB2CService {
+    private config;
+    private graphClient;
+    private credential;
+    private usersCache;
+    private groupsCache;
+    constructor(config: AzureB2CConfig);
+    /**
+     * Get or create the Microsoft Graph client
+     */
+    private getClient;
+    /**
+     * List all users with pagination
+     */
+    listUsers(top?: number, filter?: string, skipCache?: boolean): Promise<B2CUser[]>;
+    /**
+     * Get user by ID or email
+     */
+    getUser(userIdOrEmail: string): Promise<B2CUser>;
+    /**
+     * Search users by display name, email, or other criteria
+     */
+    searchUsers(searchTerm: string, searchFields?: ('displayName' | 'mail' | 'userPrincipalName' | 'givenName' | 'surname')[], top?: number): Promise<B2CUser[]>;
+    /**
+     * List all groups
+     */
+    listGroups(top?: number): Promise<B2CGroup[]>;
+    /**
+     * Get groups a user belongs to
+     */
+    getUserGroups(userId: string): Promise<B2CGroup[]>;
+    /**
+     * Get members of a group
+     */
+    getGroupMembers(groupId: string, top?: number): Promise<B2CUser[]>;
+    /**
+     * Reset user password
+     * Requires: AZURE_B2C_ENABLE_PASSWORD_RESET=true
+     */
+    resetUserPassword(userId: string, newPassword: string, forceChangeOnNextLogin?: boolean): Promise<void>;
+    /**
+     * Force password change on next login
+     * Requires: AZURE_B2C_ENABLE_PASSWORD_RESET=true
+     */
+    forcePasswordChange(userId: string): Promise<void>;
+    /**
+     * Create a new local account user
+     * Requires: AZURE_B2C_ENABLE_USER_CREATE=true
+     */
+    createUser(request: CreateUserRequest): Promise<B2CUser>;
+    /**
+     * Update user profile (non-password fields)
+     * Requires: AZURE_B2C_ENABLE_USER_CREATE=true
+     */
+    updateUser(userId: string, updates: UpdateUserRequest): Promise<B2CUser>;
+    /**
+     * Delete a user (irreversible)
+     * Requires: AZURE_B2C_ENABLE_USER_DELETE=true
+     */
+    deleteUser(userId: string): Promise<void>;
+    /**
+     * Get tenant summary (user/group counts)
+     */
+    getTenantSummary(): Promise<TenantSummary>;
+    /**
+     * Test connection to the B2C tenant
+     */
+    testConnection(): Promise<{
+        connected: boolean;
+        tenantId: string;
+        canReadUsers: boolean;
+        canReadGroups: boolean;
+        error?: string;
+    }>;
+    /**
+     * Get current configuration status
+     */
+    getConfigStatus(): {
+        tenantId: string;
+        enablePasswordReset: boolean;
+        enableUserCreate: boolean;
+        enableUserDelete: boolean;
+    };
+    /**
+     * Check if operation is permitted
+     */
+    private checkPermission;
+    /**
+     * Map Graph API user response to B2CUser
+     */
+    private mapUserResponse;
+    /**
+     * Map array of Graph API user responses
+     */
+    private mapUsersResponse;
+    /**
+     * Map Graph API group response to B2CGroup
+     */
+    private mapGroupResponse;
+    /**
+     * Map array of Graph API group responses
+     */
+    private mapGroupsResponse;
+    /**
+     * Enhance error with helpful context
+     */
+    private enhanceError;
+    /**
+     * Clear all caches
+     */
+    clearCache(): void;
+}
+//# sourceMappingURL=AzureB2CService.d.ts.map

package/build/AzureB2CService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AzureB2CService.d.ts","sourceRoot":"","sources":["../src/AzureB2CService.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAWH;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,UAAU,CAAC,EAAE,WAAW,EAAE,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B,EAAE,OAAO,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,WAAW,EAAE,CAAC;IAC1B,eAAe,EAAE,eAAe,CAAC;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB,EAAE,MAAM,CAAC;CAC/B;AAMD,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAiB;IAC/B,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,UAAU,CAAuC;IAGzD,OAAO,CAAC,UAAU,CAAqD;IACvE,OAAO,CAAC,WAAW,CAAsD;gBAE7D,MAAM,EAAE,cAAc;IAoBlC;;OAEG;IACH,OAAO,CAAC,SAAS;IA2BjB;;OAEG;IACG,SAAS,CACb,GAAG,GAAE,MAAW,EAChB,MAAM,CAAC,EAAE,MAAM,EACf,SAAS,GAAE,OAAe,GACzB,OAAO,CAAC,OAAO,EAAE,CAAC;IAyErB;;OAEG;IACG,OAAO,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAsDtD;;OAEG;IACG,WAAW,CACf,UAAU,EAAE,MAAM,EAClB,YAAY,GAAE,CAAC,aAAa,GAAG,MAAM,GAAG,mBAAmB,GAAG,WAAW,GAAG,SAAS,CAAC,EAA4B,EAClH,GAAG,GAAE,MAAW,GACf,OAAO,CAAC,OAAO,EAAE,CAAC;IA8DrB;;OAEG;IACG,UAAU,CAAC,GAAG,GAAE,MAAW,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAmDvD;;OAEG;IACG,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IA0CxD;;OAEG;IACG,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,GAAE,MAAW,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;IAwD5E;;;OAGG;IACG,iBAAiB,CACrB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,sBAAsB,GAAE,OAAe,GACtC,OAAO,CAAC,IAAI,CAAC;IA0ChB;;;OAGG;IACG,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA4CxD;;;OAGG;IACG,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC;IAmD9D;;;OAGG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC;IA8C9E;;;OAGG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAwC/C;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,aAAa,CAAC;IA6DhD;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAC9B,SAAS,EAAE,OAAO,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,OAAO,CAAC;QACtB,aAAa,EAAE,OAAO,CAAC;QACvB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;IAyDF;;OAEG;IACH,eAAe,IAAI;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,mBAAmB,EAAE,OAAO,CAAC;QAC7B,gBAAgB,EAAE,OAAO,CAAC;QAC1B,gBAAgB,EAAE,OAAO,CAAC;KAC3B;IAaD;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAoBvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAIxB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAUxB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAIzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAwCpB;;OAEG;IACH,UAAU,IAAI,IAAI;CAInB"}