npm - @softeria/ms-365-mcp-server - Versions diffs - 0.36.1 → 0.37.0 - Mend

@softeria/ms-365-mcp-server 0.36.1 → 0.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -490,6 +490,25 @@ Environment variables:
 - `MS365_MCP_TENANT_ID`: Custom tenant ID (defaults to 'common' for multi-tenant)
 - `MS365_MCP_OAUTH_TOKEN`: Pre-existing OAuth token for Microsoft Graph API (BYOT method)
 - `MS365_MCP_KEYVAULT_URL`: Azure Key Vault URL for secrets management (see Azure Key Vault section)
+- `MS365_MCP_TOKEN_CACHE_PATH`: Custom file path for MSAL token cache (see Token Storage below)
+- `MS365_MCP_SELECTED_ACCOUNT_PATH`: Custom file path for selected account metadata (see Token Storage below)
+## Token Storage
+Authentication tokens are stored using the OS credential store (via keytar) when available. If keytar is not installed or fails (common on headless Linux), the server falls back to file-based storage.
+**Default fallback paths** are relative to the installed package directory. This means tokens can be lost when the package is reinstalled or updated via npm.
+To persist tokens across updates, set custom paths outside the package directory:
+```bash
+export MS365_MCP_TOKEN_CACHE_PATH="$HOME/.config/ms365-mcp/.token-cache.json"
+export MS365_MCP_SELECTED_ACCOUNT_PATH="$HOME/.config/ms365-mcp/.selected-account.json"
+```
+Parent directories are created automatically. Files are written with `0600` permissions.
+> **Security note**: File-based token storage writes sensitive credentials to disk. Ensure the chosen directory has appropriate access controls. The OS credential store (keytar) is preferred when available.
 ## Azure Key Vault Integration

package/dist/auth.js CHANGED Viewed

@@ -34,8 +34,20 @@ const SERVICE_NAME = "ms-365-mcp-server";
 const TOKEN_CACHE_ACCOUNT = "msal-token-cache";
 const SELECTED_ACCOUNT_KEY = "selected-account";
 const FALLBACK_DIR = path.dirname(fileURLToPath(import.meta.url));
-const FALLBACK_PATH = path.join(FALLBACK_DIR, "..", ".token-cache.json");
-const SELECTED_ACCOUNT_PATH = path.join(FALLBACK_DIR, "..", ".selected-account.json");
+const DEFAULT_TOKEN_CACHE_PATH = path.join(FALLBACK_DIR, "..", ".token-cache.json");
+const DEFAULT_SELECTED_ACCOUNT_PATH = path.join(FALLBACK_DIR, "..", ".selected-account.json");
+function getTokenCachePath() {
+  const envPath = process.env.MS365_MCP_TOKEN_CACHE_PATH?.trim();
+  return envPath || DEFAULT_TOKEN_CACHE_PATH;
+}
+function getSelectedAccountPath() {
+  const envPath = process.env.MS365_MCP_SELECTED_ACCOUNT_PATH?.trim();
+  return envPath || DEFAULT_SELECTED_ACCOUNT_PATH;
+}
+function ensureParentDir(filePath) {
+  const dir = path.dirname(filePath);
+  fs.mkdirSync(dir, { recursive: true, mode: 448 });
+}
 function createMsalConfig(secrets) {
   const cloudEndpoints = getCloudEndpoints(secrets.cloudType);
   return {
@@ -128,8 +140,9 @@ class AuthManager {
           `Keychain access failed, falling back to file storage: ${keytarError.message}`
         );
       }
-      if (!cacheData && existsSync(FALLBACK_PATH)) {
-        cacheData = readFileSync(FALLBACK_PATH, "utf8");
+      const cachePath = getTokenCachePath();
+      if (!cacheData && existsSync(cachePath)) {
+        cacheData = readFileSync(cachePath, "utf8");
       }
       if (cacheData) {
         this.msalApp.getTokenCache().deserialize(cacheData);
@@ -155,8 +168,9 @@ class AuthManager {
           `Keychain access failed for selected account, falling back to file storage: ${keytarError.message}`
         );
       }
-      if (!selectedAccountData && existsSync(SELECTED_ACCOUNT_PATH)) {
-        selectedAccountData = readFileSync(SELECTED_ACCOUNT_PATH, "utf8");
+      const accountPath = getSelectedAccountPath();
+      if (!selectedAccountData && existsSync(accountPath)) {
+        selectedAccountData = readFileSync(accountPath, "utf8");
       }
       if (selectedAccountData) {
         const parsed = JSON.parse(selectedAccountData);
@@ -175,13 +189,17 @@ class AuthManager {
         if (kt) {
           await kt.setPassword(SERVICE_NAME, TOKEN_CACHE_ACCOUNT, cacheData);
         } else {
-          fs.writeFileSync(FALLBACK_PATH, cacheData, { mode: 384 });
+          const cachePath = getTokenCachePath();
+          ensureParentDir(cachePath);
+          fs.writeFileSync(cachePath, cacheData, { mode: 384 });
         }
       } catch (keytarError) {
         logger.warn(
           `Keychain save failed, falling back to file storage: ${keytarError.message}`
         );
-        fs.writeFileSync(FALLBACK_PATH, cacheData, { mode: 384 });
+        const cachePath = getTokenCachePath();
+        ensureParentDir(cachePath);
+        fs.writeFileSync(cachePath, cacheData, { mode: 384 });
       }
     } catch (error) {
       logger.error(`Error saving token cache: ${error.message}`);
@@ -195,13 +213,17 @@ class AuthManager {
         if (kt) {
           await kt.setPassword(SERVICE_NAME, SELECTED_ACCOUNT_KEY, selectedAccountData);
         } else {
-          fs.writeFileSync(SELECTED_ACCOUNT_PATH, selectedAccountData, { mode: 384 });
+          const accountPath = getSelectedAccountPath();
+          ensureParentDir(accountPath);
+          fs.writeFileSync(accountPath, selectedAccountData, { mode: 384 });
         }
       } catch (keytarError) {
         logger.warn(
           `Keychain save failed for selected account, falling back to file storage: ${keytarError.message}`
         );
-        fs.writeFileSync(SELECTED_ACCOUNT_PATH, selectedAccountData, { mode: 384 });
+        const accountPath = getSelectedAccountPath();
+        ensureParentDir(accountPath);
+        fs.writeFileSync(accountPath, selectedAccountData, { mode: 384 });
       }
     } catch (error) {
       logger.error(`Error saving selected account: ${error.message}`);
@@ -359,11 +381,13 @@ class AuthManager {
       } catch (keytarError) {
         logger.warn(`Keychain deletion failed: ${keytarError.message}`);
       }
-      if (fs.existsSync(FALLBACK_PATH)) {
-        fs.unlinkSync(FALLBACK_PATH);
+      const cachePath = getTokenCachePath();
+      if (fs.existsSync(cachePath)) {
+        fs.unlinkSync(cachePath);
       }
-      if (fs.existsSync(SELECTED_ACCOUNT_PATH)) {
-        fs.unlinkSync(SELECTED_ACCOUNT_PATH);
+      const accountPath = getSelectedAccountPath();
+      if (fs.existsSync(accountPath)) {
+        fs.unlinkSync(accountPath);
       }
       return true;
     } catch (error) {
@@ -418,5 +442,7 @@ class AuthManager {
 var auth_default = AuthManager;
 export {
   buildScopesFromEndpoints,
-  auth_default as default
+  auth_default as default,
+  getSelectedAccountPath,
+  getTokenCachePath
 };

package/logs/mcp-server.log CHANGED Viewed

@@ -1,10 +1,10 @@
-2026-02-09 08:24:59 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
-2026-02-09 08:24:59 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
-2026-02-09 08:24:59 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
-2026-02-09 08:24:59 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me/messages
-2026-02-09 08:24:59 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me/calendar
-2026-02-09 08:24:59 INFO: Using environment variables for secrets
-2026-02-09 08:24:59 INFO: Using environment variables for secrets
-2026-02-09 08:24:59 INFO: Using environment variables for secrets
-2026-02-09 08:24:59 INFO: Using environment variables for secrets
-2026-02-09 08:24:59 INFO: Using environment variables for secrets
+2026-02-09 08:40:40 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
+2026-02-09 08:40:40 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
+2026-02-09 08:40:40 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
+2026-02-09 08:40:40 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me/messages
+2026-02-09 08:40:40 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me/calendar
+2026-02-09 08:40:40 INFO: Using environment variables for secrets
+2026-02-09 08:40:40 INFO: Using environment variables for secrets
+2026-02-09 08:40:40 INFO: Using environment variables for secrets
+2026-02-09 08:40:40 INFO: Using environment variables for secrets
+2026-02-09 08:40:40 INFO: Using environment variables for secrets

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.36.1",
+  "version": "0.37.0",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",