npm - @softeria/ms-365-mcp-server - Versions diffs - 0.27.0 → 0.28.0 - Mend

@softeria/ms-365-mcp-server 0.27.0 → 0.28.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +2 -2
package/dist/cli.js +2 -2
package/dist/generated/client.js +1 -1
package/dist/graph-client.js +4 -2
package/dist/lib/microsoft-auth.js +13 -8
package/dist/server.js +42 -23
package/package.json +2 -2

package/README.md CHANGED Viewed

@@ -308,13 +308,13 @@ registration:
 4. **Get Credentials**:
 - Copy the **Application (client) ID** from Overview page
-- Go to Certificates & secrets → New client secret → Copy the secret value
+- Go to Certificates & secrets → New client secret → Copy the secret value (optional for public apps)
 5. **Configure Environment Variables**:
    Create a `.env` file in your project root:
    ```env
    MS365_MCP_CLIENT_ID=your-azure-ad-app-client-id-here
-   MS365_MCP_CLIENT_SECRET=your-azure-ad-app-client-secret-here
+   MS365_MCP_CLIENT_SECRET=your-secret-here  # Optional for public apps
    MS365_MCP_TENANT_ID=common
    ```

package/dist/cli.js CHANGED Viewed

@@ -9,8 +9,8 @@ const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));
 const version = packageJson.version;
 const program = new Command();
 program.name("ms-365-mcp-server").description("Microsoft 365 MCP Server").version(version).option("-v", "Enable verbose logging").option("--login", "Login using device code flow").option("--logout", "Log out and clear saved credentials").option("--verify-login", "Verify login without starting the server").option("--list-accounts", "List all cached accounts").option("--select-account <accountId>", "Select a specific account by ID").option("--remove-account <accountId>", "Remove a specific account by ID").option("--read-only", "Start server in read-only mode, disabling write operations").option(
-  "--http [port]",
-  "Use Streamable HTTP transport instead of stdio (optionally specify port, default: 3000)"
+  "--http [address]",
+  'Use Streamable HTTP transport instead of stdio. Format: [host:]port (e.g., "localhost:3000", ":3000", "3000"). Default: all interfaces on port 3000'
 ).option(
   "--enable-auth-tools",
   "Enable login/logout tools when using HTTP mode (disabled by default in HTTP mode)"

package/dist/generated/client.js CHANGED Viewed

@@ -3041,7 +3041,7 @@ const microsoft_graph_searchRequest = z.object({
     "This triggers hybrid sort for messages : the first 3 messages are the most relevant. This property is only applicable to entityType=message. Optional."
   ).nullish(),
   entityTypes: z.array(z.union([microsoft_graph_entityType, z.object({}).partial().strict()])).describe(
-    "One or more types of resources expected in the response. Possible values are: event, message, driveItem, externalItem, site, list, listItem, drive, chatMessage, person, acronym, bookmark.  Use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: chatMessage, person, acronym, bookmark. See known limitations for those combinations of two or more entity types that are supported in the same search request. Required."
+    "One or more types of resources expected in the response. Possible values are: event, message, driveItem, externalItem, site, list, listItem, drive, chatMessage, person, acronym, bookmark.  Use the Prefer: include-unknown-enum-members request header to get the following members in this evolvable enum: chatMessage, person, acronym, bookmark. See known limitations for those combinations of two or more entity types that are supported in the same search request. Required."
   ).optional(),
   fields: z.array(z.string().nullable()).describe(
     "Contains the fields to be returned for each resource object specified in entityTypes, allowing customization of the fields returned by default; otherwise, including additional fields such as custom managed properties from SharePoint and OneDrive, or custom fields in externalItem from the content that Microsoft 365 Copilot connectors bring in. The fields property can use the semantic labels applied to properties. For example, if a property is labeled as title, you can retrieve it using the following syntax: label_title. Optional."

package/dist/graph-client.js CHANGED Viewed

@@ -75,8 +75,10 @@ class GraphClient {
     const tenantId = process.env.MS365_MCP_TENANT_ID || "common";
     const clientId = process.env.MS365_MCP_CLIENT_ID || "084a3e9f-a9f4-43f7-89f9-d229cf97853e";
     const clientSecret = process.env.MS365_MCP_CLIENT_SECRET;
-    if (!clientSecret) {
-      throw new Error("MS365_MCP_CLIENT_SECRET not configured");
+    if (clientSecret) {
+      logger.info("GraphClient: Refreshing token with confidential client");
+    } else {
+      logger.info("GraphClient: Refreshing token with public client");
     }
     const response = await refreshAccessToken(refreshToken, clientId, clientSecret, tenantId);
     this.accessToken = response.access_token;

package/dist/lib/microsoft-auth.js CHANGED Viewed

@@ -18,9 +18,11 @@ async function exchangeCodeForToken(code, redirectUri, clientId, clientSecret, t
     grant_type: "authorization_code",
     code,
     redirect_uri: redirectUri,
-    client_id: clientId,
-    client_secret: clientSecret
+    client_id: clientId
   });
+  if (clientSecret) {
+    params.append("client_secret", clientSecret);
+  }
   if (codeVerifier) {
     params.append("code_verifier", codeVerifier);
   }
@@ -39,17 +41,20 @@ async function exchangeCodeForToken(code, redirectUri, clientId, clientSecret, t
   return response.json();
 }
 async function refreshAccessToken(refreshToken, clientId, clientSecret, tenantId = "common") {
+  const params = new URLSearchParams({
+    grant_type: "refresh_token",
+    refresh_token: refreshToken,
+    client_id: clientId
+  });
+  if (clientSecret) {
+    params.append("client_secret", clientSecret);
+  }
   const response = await fetch(`https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`, {
     method: "POST",
     headers: {
       "Content-Type": "application/x-www-form-urlencoded"
     },
-    body: new URLSearchParams({
-      grant_type: "refresh_token",
-      refresh_token: refreshToken,
-      client_id: clientId,
-      client_secret: clientSecret
-    })
+    body: params
   });
   if (!response.ok) {
     const error = await response.text();

package/dist/server.js CHANGED Viewed

@@ -16,6 +16,20 @@ import {
   refreshAccessToken
 } from "./lib/microsoft-auth.js";
 const registeredClients = /* @__PURE__ */ new Map();
+function parseHttpOption(httpOption) {
+  if (typeof httpOption === "boolean") {
+    return { host: void 0, port: 3e3 };
+  }
+  const httpString = httpOption.trim();
+  if (httpString.includes(":")) {
+    const [hostPart, portPart] = httpString.split(":");
+    const host = hostPart || void 0;
+    const port2 = parseInt(portPart) || 3e3;
+    return { host, port: port2 };
+  }
+  const port = parseInt(httpString) || 3e3;
+  return { host: void 0, port };
+}
 class MicrosoftGraphServer {
   constructor(authManager, options = {}) {
     this.authManager = authManager;
@@ -66,7 +80,7 @@ class MicrosoftGraphServer {
       logger.info("Server running in READ-ONLY mode. Write operations are disabled.");
     }
     if (this.options.http) {
-      const port = typeof this.options.http === "string" ? parseInt(this.options.http) : 3e3;
+      const { host, port } = parseHttpOption(this.options.http);
       const app = express();
       app.set("trust proxy", true);
       app.use(express.json());
@@ -200,13 +214,10 @@ class MicrosoftGraphServer {
             const tenantId = process.env.MS365_MCP_TENANT_ID || "common";
             const clientId = process.env.MS365_MCP_CLIENT_ID || "084a3e9f-a9f4-43f7-89f9-d229cf97853e";
             const clientSecret = process.env.MS365_MCP_CLIENT_SECRET;
-            if (!clientSecret) {
-              logger.error("Token endpoint: MS365_MCP_CLIENT_SECRET is not configured");
-              res.status(500).json({
-                error: "server_error",
-                error_description: "Server configuration error"
-              });
-              return;
+            if (clientSecret) {
+              logger.info("Token endpoint: Using confidential client with client_secret");
+            } else {
+              logger.info("Token endpoint: Using public client without client_secret");
             }
             const result = await exchangeCodeForToken(
               body.code,
@@ -221,13 +232,10 @@ class MicrosoftGraphServer {
             const tenantId = process.env.MS365_MCP_TENANT_ID || "common";
             const clientId = process.env.MS365_MCP_CLIENT_ID || "084a3e9f-a9f4-43f7-89f9-d229cf97853e";
             const clientSecret = process.env.MS365_MCP_CLIENT_SECRET;
-            if (!clientSecret) {
-              logger.error("Token endpoint: MS365_MCP_CLIENT_SECRET is not configured");
-              res.status(500).json({
-                error: "server_error",
-                error_description: "Server configuration error"
-              });
-              return;
+            if (clientSecret) {
+              logger.info("Refresh endpoint: Using confidential client with client_secret");
+            } else {
+              logger.info("Refresh endpoint: Using public client without client_secret");
             }
             const result = await refreshAccessToken(
               body.refresh_token,
@@ -329,14 +337,25 @@ class MicrosoftGraphServer {
       app.get("/", (req, res) => {
         res.send("Microsoft 365 MCP Server is running");
       });
-      app.listen(port, () => {
-        logger.info(`Server listening on HTTP port ${port}`);
-        logger.info(`  - MCP endpoint: http://localhost:${port}/mcp`);
-        logger.info(`  - OAuth endpoints: http://localhost:${port}/auth/*`);
-        logger.info(
-          `  - OAuth discovery: http://localhost:${port}/.well-known/oauth-authorization-server`
-        );
-      });
+      if (host) {
+        app.listen(port, host, () => {
+          logger.info(`Server listening on ${host}:${port}`);
+          logger.info(`  - MCP endpoint: http://${host}:${port}/mcp`);
+          logger.info(`  - OAuth endpoints: http://${host}:${port}/auth/*`);
+          logger.info(
+            `  - OAuth discovery: http://${host}:${port}/.well-known/oauth-authorization-server`
+          );
+        });
+      } else {
+        app.listen(port, () => {
+          logger.info(`Server listening on all interfaces (0.0.0.0:${port})`);
+          logger.info(`  - MCP endpoint: http://localhost:${port}/mcp`);
+          logger.info(`  - OAuth endpoints: http://localhost:${port}/auth/*`);
+          logger.info(
+            `  - OAuth discovery: http://localhost:${port}/.well-known/oauth-authorization-server`
+          );
+        });
+      }
     } else {
       const transport = new StdioServerTransport();
       await this.server.connect(transport);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.27.0",
+  "version": "0.28.0",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",
@@ -13,7 +13,7 @@
     "test": "vitest run",
     "test:watch": "vitest",
     "dev": "tsx src/index.ts",
-    "dev:http": "tsx --watch src/index.ts --http 3000 -v",
+    "dev:http": "tsx --watch src/index.ts --http 127.0.0.1:3000 -v",
     "format": "prettier --write \"**/*.{ts,mts,js,mjs,json,md}\"",
     "format:check": "prettier --check \"**/*.{ts,mts,js,mjs,json,md}\"",
     "lint": "eslint .",