@softeria/ms-365-mcp-server 0.127.0 → 0.128.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,9 +1,17 @@
1
1
  import logger from "../logger.js";
2
2
  import { getCloudEndpoints } from "../cloud-config.js";
3
- function buildWwwAuthenticate(req, error, description) {
3
+ function buildResourceMetadataUrl(req, publicUrl) {
4
+ if (publicUrl) {
5
+ const parsed = new URL(publicUrl);
6
+ const path = parsed.pathname.replace(/\/$/, "");
7
+ return `${parsed.origin}/.well-known/oauth-protected-resource${path}`;
8
+ }
4
9
  const protocol = req.secure ? "https" : "http";
5
10
  const origin = `${protocol}://${req.get("host")}`;
6
- const resourceMetadata = `${origin}/.well-known/oauth-protected-resource`;
11
+ return `${origin}/.well-known/oauth-protected-resource`;
12
+ }
13
+ function buildWwwAuthenticate(req, error, description, publicUrl) {
14
+ const resourceMetadata = buildResourceMetadataUrl(req, publicUrl);
7
15
  return `Bearer resource_metadata="${resourceMetadata}", error="${error}", error_description="${description}"`;
8
16
  }
9
17
  function isJwtExpired(token) {
@@ -46,7 +54,12 @@ const microsoftBearerTokenAuthMiddleware = (opts = {}) => (req, res, next) => {
46
54
  }
47
55
  res.status(401).set(
48
56
  "WWW-Authenticate",
49
- buildWwwAuthenticate(req, "invalid_token", "Missing or malformed Authorization header")
57
+ buildWwwAuthenticate(
58
+ req,
59
+ "invalid_token",
60
+ "Missing or malformed Authorization header",
61
+ opts.publicUrl
62
+ )
50
63
  ).json({
51
64
  error: "invalid_token",
52
65
  error_description: "Missing or malformed Authorization header"
@@ -57,7 +70,7 @@ const microsoftBearerTokenAuthMiddleware = (opts = {}) => (req, res, next) => {
57
70
  if (isJwtExpired(accessToken)) {
58
71
  res.status(401).set(
59
72
  "WWW-Authenticate",
60
- buildWwwAuthenticate(req, "invalid_token", "The access token has expired")
73
+ buildWwwAuthenticate(req, "invalid_token", "The access token has expired", opts.publicUrl)
61
74
  ).json({ error: "invalid_token", error_description: "The access token has expired" });
62
75
  return;
63
76
  }
package/dist/server.js CHANGED
@@ -229,7 +229,7 @@ class MicrosoftGraphServer {
229
229
  const metadata = {
230
230
  issuer: browserBase,
231
231
  authorization_endpoint: `${browserBase}/authorize`,
232
- token_endpoint: `${requestOrigin}/token`,
232
+ token_endpoint: `${browserBase}/token`,
233
233
  response_types_supported: ["code"],
234
234
  response_modes_supported: ["query"],
235
235
  grant_types_supported: ["authorization_code", "refresh_token"],
@@ -238,23 +238,25 @@ class MicrosoftGraphServer {
238
238
  scopes_supported: scopes
239
239
  };
240
240
  if (this.options.enableDynamicRegistration) {
241
- metadata.registration_endpoint = `${requestOrigin}/register`;
241
+ metadata.registration_endpoint = `${browserBase}/register`;
242
242
  }
243
243
  res.json(metadata);
244
244
  });
245
- app.get("/.well-known/oauth-protected-resource", async (req, res) => {
245
+ const protectedResourcesHandler = async (req, res) => {
246
246
  const protocol = req.secure ? "https" : "http";
247
247
  const requestOrigin = `${protocol}://${req.get("host")}`;
248
248
  const browserBase = publicBase ?? requestOrigin;
249
249
  const scopes = this.options.obo ? [`${this.secrets.clientId}/access_as_user`] : resolveAuthScopes(this.options);
250
250
  res.json({
251
- resource: `${requestOrigin}/mcp`,
251
+ resource: `${browserBase}/mcp`,
252
252
  authorization_servers: [browserBase],
253
253
  scopes_supported: scopes,
254
254
  bearer_methods_supported: ["header"],
255
255
  resource_documentation: browserBase
256
256
  });
257
- });
257
+ };
258
+ app.get("/.well-known/oauth-protected-resource", protectedResourcesHandler);
259
+ app.get("/.well-known/oauth-protected-resource/*path", protectedResourcesHandler);
258
260
  if (this.options.enableDynamicRegistration) {
259
261
  app.post("/register", async (req, res) => {
260
262
  const body = req.body;
@@ -470,7 +472,8 @@ class MicrosoftGraphServer {
470
472
  );
471
473
  const mcpAuth = microsoftBearerTokenAuthMiddleware({
472
474
  trustProxyAuth: this.options.trustProxyAuth,
473
- allowUnauthenticatedDiscovery: this.options.allowUnauthenticatedDiscovery
475
+ allowUnauthenticatedDiscovery: this.options.allowUnauthenticatedDiscovery,
476
+ publicUrl: publicBase
474
477
  });
475
478
  app.get(
476
479
  "/mcp",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@softeria/ms-365-mcp-server",
3
- "version": "0.127.0",
3
+ "version": "0.128.0",
4
4
  "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",