@softeria/ms-365-mcp-server 0.121.0 → 0.122.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -0
- package/dist/auth.js +6 -1
- package/dist/cli.js +12 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -150,6 +150,18 @@ Scope coverage is hierarchy-aware: for example, `Mail.ReadWrite` covers tools th
|
|
|
150
150
|
|
|
151
151
|
In HTTP mode, OAuth discovery advertises the effective filtered permissions so clients request the same consent surface. On-Behalf-Of mode (`--obo`) still advertises `api://<clientId>/access_as_user` for protected-resource metadata; `--allowed-scopes` does not override OBO.
|
|
152
152
|
|
|
153
|
+
### Requesting extra scopes
|
|
154
|
+
|
|
155
|
+
`--allowed-scopes` only ever _narrows_ the token request. To request a Graph scope that no bundled tool needs — for example to drive an endpoint via `graph-batch` — use `--extra-scopes` (or `MS365_MCP_EXTRA_SCOPES`). These scopes are appended verbatim to the token request, on top of the tool-derived scopes.
|
|
156
|
+
|
|
157
|
+
```bash
|
|
158
|
+
npx @softeria/ms-365-mcp-server \
|
|
159
|
+
--org-mode \
|
|
160
|
+
--extra-scopes 'CopilotPackages.ReadWrite.All'
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
This is for use with your own Azure app registration (`MS365_MCP_CLIENT_ID` / `MS365_MCP_CLIENT_SECRET`): the default Softeria app only declares a lean, fixed permission set, so request additional scopes against an app you control (your tenant admin consents to them there). CLI value takes precedence over the env var; an empty value fails at startup.
|
|
164
|
+
|
|
153
165
|
## Organization/Work Mode
|
|
154
166
|
|
|
155
167
|
To access work/school features (Teams, SharePoint, etc.), enable organization mode using any of these flags:
|
|
@@ -542,6 +554,7 @@ The following options can be used when running ms-365-mcp-server directly from t
|
|
|
542
554
|
--force-work-scopes Backwards compatibility alias for --org-mode (deprecated)
|
|
543
555
|
--cloud <type> Microsoft cloud environment: global (default) or china (21Vianet)
|
|
544
556
|
--allowed-scopes <scopes> Limit exposed tools to Graph scopes covered by this allowlist
|
|
557
|
+
--extra-scopes <scopes> Append additional Graph scopes to the token request (for use with your own app registration + graph-batch)
|
|
545
558
|
--expected-username <username> Require local MSAL auth to use this account username
|
|
546
559
|
--expected-home-account-id <id> Require local MSAL auth to use this exact homeAccountId
|
|
547
560
|
```
|
package/dist/auth.js
CHANGED
|
@@ -218,7 +218,12 @@ function buildAllowedScopeDiagnostics(options = {}) {
|
|
|
218
218
|
};
|
|
219
219
|
}
|
|
220
220
|
function resolveAuthScopes(options = {}) {
|
|
221
|
-
|
|
221
|
+
const toolScopes = buildAllowedScopeDiagnostics(options).effectivePermissions;
|
|
222
|
+
const extraScopes = parseAllowedScopes(options.extraScopes);
|
|
223
|
+
if (!extraScopes || extraScopes.length === 0) {
|
|
224
|
+
return toolScopes;
|
|
225
|
+
}
|
|
226
|
+
return Array.from(/* @__PURE__ */ new Set([...toolScopes, ...extraScopes]));
|
|
222
227
|
}
|
|
223
228
|
function buildScopeDiagnostics(toolScopes, allowedScopesInput) {
|
|
224
229
|
const toolPermissions = [...toolScopes].sort((a, b) => a.localeCompare(b));
|
package/dist/cli.js
CHANGED
|
@@ -26,6 +26,9 @@ program.name("ms-365-mcp-server").description("Microsoft 365 MCP Server").versio
|
|
|
26
26
|
).option(
|
|
27
27
|
"--allowed-scopes <scopes>",
|
|
28
28
|
"Limit exposed tools to Graph scopes covered by this whitespace-separated allowlist"
|
|
29
|
+
).option(
|
|
30
|
+
"--extra-scopes <scopes>",
|
|
31
|
+
"Append additional Graph scopes (whitespace-separated) to the token request, beyond those derived from enabled tools. Use with your own app registration (MS365_MCP_CLIENT_ID/SECRET) to request scopes the default app does not declare, then call the endpoints via graph-batch."
|
|
29
32
|
).option(
|
|
30
33
|
"--preset <names>",
|
|
31
34
|
"Use preset tool categories (comma-separated). Available: mail, calendar, files, personal, work, excel, contacts, tasks, onenote, search, users, all"
|
|
@@ -97,6 +100,15 @@ function parseArgs() {
|
|
|
97
100
|
);
|
|
98
101
|
process.exit(1);
|
|
99
102
|
}
|
|
103
|
+
if (options.extraScopes === void 0 && process.env.MS365_MCP_EXTRA_SCOPES !== void 0) {
|
|
104
|
+
options.extraScopes = process.env.MS365_MCP_EXTRA_SCOPES;
|
|
105
|
+
}
|
|
106
|
+
if (options.extraScopes !== void 0 && options.extraScopes.trim() === "") {
|
|
107
|
+
console.error(
|
|
108
|
+
"Error: --extra-scopes / MS365_MCP_EXTRA_SCOPES was provided but is empty. Provide one or more whitespace-separated scopes, or omit it."
|
|
109
|
+
);
|
|
110
|
+
process.exit(1);
|
|
111
|
+
}
|
|
100
112
|
if (options.expectedUsername === void 0 && process.env.MS365_MCP_EXPECTED_USERNAME !== void 0) {
|
|
101
113
|
options.expectedUsername = process.env.MS365_MCP_EXPECTED_USERNAME;
|
|
102
114
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@softeria/ms-365-mcp-server",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.122.0",
|
|
4
4
|
"description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|