@softeria/ms-365-mcp-server 0.30.1 → 0.31.1

package/Dockerfile

@@ -1,9 +1,9 @@
-FROM node:20-alpine AS builder
+FROM node:24-alpine AS builder
 
 WORKDIR /app
 
 COPY package*.json ./
-RUN npm ci --ignore-scripts
+RUN npm i
 
 COPY . .
 RUN npm run generate
@@ -17,6 +17,6 @@ COPY --from=builder /app/dist /app/dist
 COPY --from=builder /app/package*.json ./
 
 ENV NODE_ENV=production
-RUN npm ci --ignore-scripts --omit=dev
+RUN npm i --ignore-scripts --omit=dev
 
 ENTRYPOINT ["node", "dist/index.js"]

package/README.md

@@ -269,6 +269,40 @@ claude mcp add ms365-china -s user -- cmd /c "npx -y @softeria/ms-365-mcp-server
 For other interfaces that support MCPs, please refer to their respective documentation for the correct
 integration method.
 
+### Open WebUI
+
+Open WebUI supports MCP servers via HTTP transport with OAuth 2.1.
+
+1. Start the server with HTTP mode and dynamic registration enabled:
+
+   ```bash
+   npx @softeria/ms-365-mcp-server --http --enable-dynamic-registration
+   ```
+
+2. In Open WebUI, go to **Admin Settings → Tools** (`/admin/settings/tools`) → **Add Connection**:
+   - **Type**: MCP Streamable HTTP
+   - **URL**: Your MCP server URL with `/mcp` path
+   - **Auth**: OAuth 2.1
+
+3. Click **Register Client**.
+
+> **Note**: The `--enable-dynamic-registration` is required for Open WebUI to work. If using a custom Azure Entra app, add your redirect URI under "Mobile and desktop applications" platform (not "Single-page application").
+
+**Quick test setup** using the default Azure app (ID `ms-365` and `localhost:8080` are pre-configured):
+
+```bash
+docker run -d -p 8080:8080 \
+  -e WEBUI_AUTH=false \
+  -e OPENAI_API_KEY \
+  ghcr.io/open-webui/open-webui:main
+
+npx @softeria/ms-365-mcp-server --http --enable-dynamic-registration
+```
+
+Then add connection with URL `http://localhost:3000/mcp` and ID `ms-365`.
+
+![Open WebUI MCP Connection](https://github.com/user-attachments/assets/dcab71dd-cf02-4bcb-b7db-5725d6be4064)
+
 ### Local Development
 
 For local development or testing:
@@ -434,6 +468,7 @@ When running as an MCP server, the following options can be used:
 --http [port]     Use Streamable HTTP transport instead of stdio (optionally specify port, default: 3000)
                   Starts Express.js server with MCP endpoint at /mcp
 --enable-auth-tools Enable login/logout tools when using HTTP mode (disabled by default in HTTP mode)
+--enable-dynamic-registration Enable OAuth Dynamic Client Registration endpoint (required for Open WebUI)
 --enabled-tools <pattern> Filter tools using regex pattern (e.g., "excel|contact" to enable Excel and Contact tools)
 --preset <names>  Use preset tool categories (comma-separated). See "Tool Presets" section above
 --list-presets    List all available presets and exit
@@ -552,4 +587,4 @@ If you're having problems or need help:
 
 ## License
 
-MIT © 2025 Softeria
+MIT © 2026 Softeria

package/dist/auth.js

@@ -80,9 +80,8 @@ function buildScopesFromEndpoints(includeWorkAccountScopes = false, enabledTools
     }
   });
   Object.entries(SCOPE_HIERARCHY).forEach(([higherScope, lowerScopes]) => {
-    if (lowerScopes.every((scope) => scopesSet.has(scope))) {
+    if (scopesSet.has(higherScope) && lowerScopes.every((scope) => scopesSet.has(scope))) {
       lowerScopes.forEach((scope) => scopesSet.delete(scope));
-      scopesSet.add(higherScope);
     }
   });
   const scopes = Array.from(scopesSet);

package/dist/cli.js

@@ -23,7 +23,10 @@ program.name("ms-365-mcp-server").description("Microsoft 365 MCP Server").versio
 ).option("--list-presets", "List all available presets and exit").option(
   "--org-mode",
   "Enable organization/work mode from start (includes Teams, SharePoint, etc.)"
-).option("--work-mode", "Alias for --org-mode").option("--force-work-scopes", "Backwards compatibility alias for --org-mode (deprecated)").option("--toon", "(experimental) Enable TOON output format for 30-60% token reduction").option("--discovery", "Enable runtime tool discovery and loading (experimental feature)").option("--cloud <type>", "Microsoft cloud environment: global (default) or china (21Vianet)");
+).option("--work-mode", "Alias for --org-mode").option("--force-work-scopes", "Backwards compatibility alias for --org-mode (deprecated)").option("--toon", "(experimental) Enable TOON output format for 30-60% token reduction").option("--discovery", "Enable runtime tool discovery and loading (experimental feature)").option("--cloud <type>", "Microsoft cloud environment: global (default) or china (21Vianet)").option(
+  "--enable-dynamic-registration",
+  "Enable OAuth Dynamic Client Registration endpoint (required for some MCP clients like Open WebUI)"
+);
 function parseArgs() {
   program.parse();
   const options = program.opts();

package/dist/graph-tools.js

@@ -45,7 +45,9 @@ async function executeGraphTool(tool, config, graphClient, params) {
             path2 = path2.replace(`{${paramName}}`, encodeURIComponent(paramValue)).replace(`:${paramName}`, encodeURIComponent(paramValue));
             break;
           case "Query":
-            queryParams[fixedParamName] = `${paramValue}`;
+            if (paramValue !== "" && paramValue != null) {
+              queryParams[fixedParamName] = `${paramValue}`;
+            }
             break;
           case "Body":
             if (paramDef.schema) {

package/dist/secrets.js

@@ -1,12 +1,13 @@
 import logger from "./logger.js";
-import { parseCloudType } from "./cloud-config.js";
+import { parseCloudType, getDefaultClientId } from "./cloud-config.js";
 class EnvironmentSecretsProvider {
   async getSecrets() {
+    const cloudType = parseCloudType(process.env.MS365_MCP_CLOUD_TYPE);
     return {
-      clientId: process.env.MS365_MCP_CLIENT_ID || "",
+      clientId: process.env.MS365_MCP_CLIENT_ID || getDefaultClientId(cloudType),
       tenantId: process.env.MS365_MCP_TENANT_ID || "common",
       clientSecret: process.env.MS365_MCP_CLIENT_SECRET,
-      cloudType: parseCloudType(process.env.MS365_MCP_CLOUD_TYPE)
+      cloudType
     };
   }
 }

package/dist/server.js

@@ -108,7 +108,7 @@ class MicrosoftGraphServer {
         const protocol = req.secure ? "https" : "http";
         const url = new URL(`${protocol}://${req.get("host")}`);
         const scopes = buildScopesFromEndpoints(this.options.orgMode, this.options.enabledTools);
-        res.json({
+        const metadata = {
           issuer: url.origin,
           authorization_endpoint: `${url.origin}/authorize`,
           token_endpoint: `${url.origin}/token`,
@@ -118,7 +118,11 @@ class MicrosoftGraphServer {
           token_endpoint_auth_methods_supported: ["none"],
           code_challenge_methods_supported: ["S256"],
           scopes_supported: scopes
-        });
+        };
+        if (this.options.enableDynamicRegistration) {
+          metadata.registration_endpoint = `${url.origin}/register`;
+        }
+        res.json(metadata);
       });
       app.get("/.well-known/oauth-protected-resource", async (req, res) => {
         const protocol = req.secure ? "https" : "http";
@@ -132,6 +136,22 @@ class MicrosoftGraphServer {
           resource_documentation: `${url.origin}`
         });
       });
+      if (this.options.enableDynamicRegistration) {
+        app.post("/register", async (req, res) => {
+          const body = req.body;
+          logger.info("Client registration request", { body });
+          const clientId = `mcp-client-${Date.now()}`;
+          res.status(201).json({
+            client_id: clientId,
+            client_id_issued_at: Math.floor(Date.now() / 1e3),
+            redirect_uris: body.redirect_uris || [],
+            grant_types: body.grant_types || ["authorization_code", "refresh_token"],
+            response_types: body.response_types || ["code"],
+            token_endpoint_auth_method: body.token_endpoint_auth_method || "none",
+            client_name: body.client_name || "MCP Client"
+          });
+        });
+      }
       app.get("/authorize", async (req, res) => {
         const url = new URL(req.url, `${req.protocol}://${req.get("host")}`);
         const tenantId = this.secrets?.tenantId || "common";
@@ -193,11 +213,14 @@ class MicrosoftGraphServer {
             const tenantId = this.secrets?.tenantId || "common";
             const clientId = this.secrets.clientId;
             const clientSecret = this.secrets?.clientSecret;
-            if (clientSecret) {
-              logger.info("Token endpoint: Using confidential client with client_secret");
-            } else {
-              logger.info("Token endpoint: Using public client without client_secret");
-            }
+            logger.info("Token endpoint: authorization_code exchange", {
+              redirect_uri: body.redirect_uri,
+              has_code: !!body.code,
+              has_code_verifier: !!body.code_verifier,
+              clientId,
+              tenantId,
+              hasClientSecret: !!clientSecret
+            });
             const result = await exchangeCodeForToken(
               body.code,
               body.redirect_uri,

package/glama.json

@@ -0,0 +1,4 @@
+{
+  "$schema": "https://glama.ai/mcp/schemas/server.json",
+  "maintainers": ["eirikb"]
+}

package/logs/mcp-server.log

@@ -1,5 +1,5 @@
-2026-01-19 11:31:37 INFO: Using environment variables for secrets
-2026-01-19 11:31:37 INFO: Using environment variables for secrets
-2026-01-19 11:31:37 INFO: Using environment variables for secrets
-2026-01-19 11:31:37 INFO: Using environment variables for secrets
-2026-01-19 11:31:37 INFO: Using environment variables for secrets
+2026-01-27 20:03:08 INFO: Using environment variables for secrets
+2026-01-27 20:03:08 INFO: Using environment variables for secrets
+2026-01-27 20:03:08 INFO: Using environment variables for secrets
+2026-01-27 20:03:08 INFO: Using environment variables for secrets
+2026-01-27 20:03:08 INFO: Using environment variables for secrets

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.30.1",
+  "version": "0.31.1",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",
@@ -53,7 +53,7 @@
     "@semantic-release/exec": "^7.1.0",
     "@semantic-release/git": "^10.0.1",
     "@semantic-release/github": "^11.0.3",
-    "@semantic-release/npm": "^12.0.2",
+    "@semantic-release/npm": "^13.1.3",
     "@types/express": "^5.0.3",
     "@types/node": "^22.15.15",
     "@typescript-eslint/eslint-plugin": "^8.38.0",
@@ -63,7 +63,7 @@
     "globals": "^16.3.0",
     "patch-package": "^8.0.1",
     "prettier": "^3.5.3",
-    "semantic-release": "^24.2.7",
+    "semantic-release": "^25.0.2",
     "tsup": "^8.5.0",
     "tsx": "^4.19.4",
     "typescript": "^5.8.3",