@softeria/ms-365-mcp-server 0.41.0 → 0.43.0

package/README.md

@@ -431,6 +431,43 @@ This method:
 > **Authentication Tools**: In HTTP mode, login/logout tools are disabled by default since OAuth handles authentication.
 > Use `--enable-auth-tools` if you need them available.
 
+## Multi-Account Support
+
+Use a single server instance to serve multiple Microsoft accounts. When more than one account is logged in, an `account` parameter is automatically injected into every tool, allowing you to specify which account to use per tool call.
+
+**Login multiple accounts** (one-time per account):
+
+```bash
+# Login first account (device code flow)
+npx @softeria/ms-365-mcp-server --login
+# Follow the device code prompt, sign in as personal@outlook.com
+
+# Login second account
+npx @softeria/ms-365-mcp-server --login
+# Follow the device code prompt, sign in as work@company.com
+```
+
+**List configured accounts:**
+
+```bash
+npx @softeria/ms-365-mcp-server --list-accounts
+```
+
+**Use in tool calls:** Pass `"account": "work@company.com"` in any tool request:
+
+```json
+{ "tool": "list-mail-messages", "arguments": { "account": "work@company.com" } }
+```
+
+**Behavior:**
+
+- With a **single account** configured, it auto-selects (no `account` parameter needed).
+- With **multiple accounts** and no `account` parameter, the server uses the selected default or returns a helpful error listing available accounts.
+- **100% backward compatible**: existing single-account setups work unchanged.
+- The `account` parameter accepts email address (e.g. `user@outlook.com`) or MSAL `homeAccountId`.
+
+> **For MCP multiplexers (Legate, Governor):** Multi-account mode replaces the N-process pattern. Instead of spawning one server per account, a single instance handles all accounts via the `account` parameter, reducing tool duplication from N×110 to 110.
+
 ## Tool Presets
 
 To reduce initial connection overhead, use preset tool categories instead of loading all 90+ tools:

package/dist/auth-tools.js

@@ -83,63 +83,68 @@ function registerAuthTools(server, authManager) {
       ]
     };
   });
-  server.tool("list-accounts", "List all available Microsoft accounts", {}, async () => {
-    try {
-      const accounts = await authManager.listAccounts();
-      const selectedAccountId = authManager.getSelectedAccountId();
-      const result = accounts.map((account) => ({
-        id: account.homeAccountId,
-        username: account.username,
-        name: account.name,
-        selected: account.homeAccountId === selectedAccountId
-      }));
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify({ accounts: result })
-          }
-        ]
-      };
-    } catch (error) {
-      return {
-        content: [
-          {
-            type: "text",
-            text: JSON.stringify({ error: `Failed to list accounts: ${error.message}` })
-          }
-        ]
-      };
+  server.tool(
+    "list-accounts",
+    "List all Microsoft accounts configured in this server. Use this to discover available account emails before making tool calls. Reflects accounts added mid-session via --login.",
+    {},
+    {
+      title: "list-accounts",
+      readOnlyHint: true,
+      openWorldHint: false
+    },
+    async () => {
+      try {
+        const accounts = await authManager.listAccounts();
+        const selectedAccountId = authManager.getSelectedAccountId();
+        const result = accounts.map((account) => ({
+          email: account.username || "unknown",
+          name: account.name,
+          isDefault: account.homeAccountId === selectedAccountId
+        }));
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                accounts: result,
+                count: result.length,
+                tip: "Pass the 'email' value as the 'account' parameter in any tool call to target a specific account."
+              })
+            }
+          ]
+        };
+      } catch (error) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({
+                error: `Failed to list accounts: ${error.message}`
+              })
+            }
+          ],
+          isError: true
+        };
+      }
     }
-  });
+  );
   server.tool(
     "select-account",
-    "Select a specific Microsoft account to use",
+    "Select a Microsoft account as the default. Accepts email address (e.g. user@outlook.com) or account ID. Use list-accounts to discover available accounts.",
     {
-      accountId: z.string().describe("The account ID to select")
+      account: z.string().describe("Email address or account ID of the account to select")
     },
-    async ({ accountId }) => {
+    async ({ account }) => {
       try {
-        const success = await authManager.selectAccount(accountId);
-        if (success) {
-          return {
-            content: [
-              {
-                type: "text",
-                text: JSON.stringify({ message: `Selected account: ${accountId}` })
-              }
-            ]
-          };
-        } else {
-          return {
-            content: [
-              {
-                type: "text",
-                text: JSON.stringify({ error: `Account not found: ${accountId}` })
-              }
-            ]
-          };
-        }
+        await authManager.selectAccount(account);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({ message: `Selected account: ${account}` })
+            }
+          ]
+        };
       } catch (error) {
         return {
           content: [
@@ -149,26 +154,27 @@ function registerAuthTools(server, authManager) {
                 error: `Failed to select account: ${error.message}`
               })
             }
-          ]
+          ],
+          isError: true
         };
       }
     }
   );
   server.tool(
     "remove-account",
-    "Remove a Microsoft account from the cache",
+    "Remove a Microsoft account from the cache. Accepts email address (e.g. user@outlook.com) or account ID. Use list-accounts to discover available accounts.",
     {
-      accountId: z.string().describe("The account ID to remove")
+      account: z.string().describe("Email address or account ID of the account to remove")
     },
-    async ({ accountId }) => {
+    async ({ account }) => {
       try {
-        const success = await authManager.removeAccount(accountId);
+        const success = await authManager.removeAccount(account);
         if (success) {
           return {
             content: [
               {
                 type: "text",
-                text: JSON.stringify({ message: `Removed account: ${accountId}` })
+                text: JSON.stringify({ message: `Removed account: ${account}` })
               }
             ]
           };
@@ -177,9 +183,10 @@ function registerAuthTools(server, authManager) {
             content: [
               {
                 type: "text",
-                text: JSON.stringify({ error: `Account not found: ${accountId}` })
+                text: JSON.stringify({ error: `Failed to remove account from cache: ${account}` })
               }
-            ]
+            ],
+            isError: true
           };
         }
       } catch (error) {
@@ -191,7 +198,8 @@ function registerAuthTools(server, authManager) {
                 error: `Failed to remove account: ${error.message}`
               })
             }
-          ]
+          ],
+          isError: true
         };
       }
     }

package/dist/auth.js

@@ -399,45 +399,123 @@ class AuthManager {
   async listAccounts() {
     return await this.msalApp.getTokenCache().getAllAccounts();
   }
-  async selectAccount(accountId) {
-    const accounts = await this.listAccounts();
-    const account = accounts.find((acc) => acc.homeAccountId === accountId);
-    if (!account) {
-      logger.error(`Account with ID ${accountId} not found`);
-      return false;
-    }
-    this.selectedAccountId = accountId;
+  async selectAccount(identifier) {
+    const account = await this.resolveAccount(identifier);
+    this.selectedAccountId = account.homeAccountId;
     await this.saveSelectedAccount();
     this.accessToken = null;
     this.tokenExpiry = null;
-    logger.info(`Selected account: ${account.username} (${accountId})`);
+    logger.info(`Selected account: ${account.username} (${account.homeAccountId})`);
     return true;
   }
-  async removeAccount(accountId) {
-    const accounts = await this.listAccounts();
-    const account = accounts.find((acc) => acc.homeAccountId === accountId);
-    if (!account) {
-      logger.error(`Account with ID ${accountId} not found`);
-      return false;
-    }
+  async removeAccount(identifier) {
+    const account = await this.resolveAccount(identifier);
     try {
       await this.msalApp.getTokenCache().removeAccount(account);
-      if (this.selectedAccountId === accountId) {
+      if (this.selectedAccountId === account.homeAccountId) {
         this.selectedAccountId = null;
         await this.saveSelectedAccount();
         this.accessToken = null;
         this.tokenExpiry = null;
       }
-      logger.info(`Removed account: ${account.username} (${accountId})`);
+      logger.info(`Removed account: ${account.username} (${account.homeAccountId})`);
       return true;
     } catch (error) {
-      logger.error(`Failed to remove account ${accountId}: ${error.message}`);
+      logger.error(`Failed to remove account ${identifier}: ${error.message}`);
       return false;
     }
   }
   getSelectedAccountId() {
     return this.selectedAccountId;
   }
+  /**
+   * Returns true if auth is in OAuth/HTTP mode (token supplied via env or setOAuthToken).
+   * In this mode, account resolution should be skipped — the request context drives token selection.
+   */
+  isOAuthModeEnabled() {
+    return this.isOAuthMode;
+  }
+  /**
+   * Resolves an account by identifier (email or homeAccountId).
+   * Resolution: username match (case-insensitive) → homeAccountId match → throw.
+   */
+  async resolveAccount(identifier) {
+    const accounts = await this.msalApp.getTokenCache().getAllAccounts();
+    if (accounts.length === 0) {
+      throw new Error("No accounts found. Please login first.");
+    }
+    const lowerIdentifier = identifier.toLowerCase();
+    let account = accounts.find((a) => a.username?.toLowerCase() === lowerIdentifier) ?? null;
+    if (!account) {
+      account = accounts.find((a) => a.homeAccountId === identifier) ?? null;
+    }
+    if (!account) {
+      const availableAccounts = accounts.map((a) => a.username || a.name || "unknown").join(", ");
+      throw new Error(
+        `Account '${identifier}' not found. Available accounts: ${availableAccounts}`
+      );
+    }
+    return account;
+  }
+  /**
+   * Returns true if the MSAL cache contains more than one account.
+   * Used to decide whether to inject the `account` parameter into tool schemas.
+   */
+  async isMultiAccount() {
+    const accounts = await this.msalApp.getTokenCache().getAllAccounts();
+    return accounts.length > 1;
+  }
+  /**
+   * Acquires a token for a specific account identified by username (email) or homeAccountId,
+   * WITHOUT changing the persisted selectedAccountId.
+   *
+   * Resolution order:
+   *  1. Exact match on username (case-insensitive)
+   *  2. Exact match on homeAccountId
+   *  3. If identifier is empty/undefined AND only 1 account exists → auto-select
+   *  4. If identifier is empty/undefined AND multiple accounts → use selectedAccountId or throw
+   *
+   * @returns The access token string.
+   */
+  async getTokenForAccount(identifier) {
+    if (this.isOAuthMode && this.oauthToken) {
+      return this.oauthToken;
+    }
+    let targetAccount = null;
+    if (identifier) {
+      targetAccount = await this.resolveAccount(identifier);
+    } else {
+      const accounts = await this.msalApp.getTokenCache().getAllAccounts();
+      if (accounts.length === 0) {
+        throw new Error("No accounts found. Please login first.");
+      }
+      if (accounts.length === 1) {
+        targetAccount = accounts[0];
+      } else {
+        if (this.selectedAccountId) {
+          targetAccount = accounts.find((a) => a.homeAccountId === this.selectedAccountId) ?? null;
+        }
+        if (!targetAccount) {
+          const availableAccounts = accounts.map((a) => a.username || a.name || "unknown").join(", ");
+          throw new Error(
+            `Multiple accounts configured but no 'account' parameter provided and no default selected. Available accounts: ${availableAccounts}. Pass account="<email>" in your tool call or use select-account to set a default.`
+          );
+        }
+      }
+    }
+    const silentRequest = {
+      account: targetAccount,
+      scopes: this.scopes
+    };
+    try {
+      const response = await this.msalApp.acquireTokenSilent(silentRequest);
+      return response.accessToken;
+    } catch {
+      throw new Error(
+        `Failed to acquire token for account '${targetAccount.username || targetAccount.name || "unknown"}'. The token may have expired. Please re-login with: --login`
+      );
+    }
+  }
 }
 var auth_default = AuthManager;
 export {

package/dist/endpoints.json

@@ -586,6 +586,12 @@
     "toolName": "reply-to-channel-message",
     "workScopes": ["ChannelMessage.Send"]
   },
+  {
+    "pathPattern": "/teams/{team-id}/channels/{channel-id}/messages/{chatMessage-id}/replies",
+    "method": "get",
+    "toolName": "list-channel-message-replies",
+    "workScopes": ["ChannelMessage.Read.All"]
+  },
   {
     "pathPattern": "/teams/{team-id}/members",
     "method": "get",

package/dist/generated/client.js

@@ -2268,7 +2268,7 @@ const microsoft_graph_team = z.lazy(
     ).nullish(),
     allChannels: z.array(microsoft_graph_channel).describe("List of channels either hosted in or shared with the team (incoming channels).").optional(),
     channels: z.array(microsoft_graph_channel).describe("The collection of channels and messages associated with the team.").optional(),
-    group: microsoft_graph_group.describe("[Note: Simplified from 71 properties to 25 most common ones]").optional(),
+    group: microsoft_graph_group.describe("[Note: Simplified from 73 properties to 25 most common ones]").optional(),
     incomingChannels: z.array(microsoft_graph_channel).describe("List of channels shared with the team.").optional(),
     installedApps: z.array(microsoft_graph_teamsAppInstallation).describe("The apps installed in this team.").optional(),
     members: z.array(microsoft_graph_conversationMember).describe("Members and owners of the team.").optional(),
@@ -7239,6 +7239,56 @@ To monitor future changes, call the delta API by using the @odata.deltaLink in t
     ],
     response: z.void()
   },
+  {
+    method: "get",
+    path: "/teams/:teamId/channels/:channelId/messages/:chatMessageId/replies",
+    alias: "list-channel-message-replies",
+    description: `List all the replies to a message in a channel of a team. This method lists only the replies of the specified message, if any. To get the message itself, call get channel message.`,
+    requestFormat: "json",
+    parameters: [
+      {
+        name: "$top",
+        type: "Query",
+        schema: z.number().int().gte(0).describe("Show only the first n items").optional()
+      },
+      {
+        name: "$skip",
+        type: "Query",
+        schema: z.number().int().gte(0).describe("Skip the first n items").optional()
+      },
+      {
+        name: "$search",
+        type: "Query",
+        schema: z.string().describe("Search items by search phrases").optional()
+      },
+      {
+        name: "$filter",
+        type: "Query",
+        schema: z.string().describe("Filter items by property values").optional()
+      },
+      {
+        name: "$count",
+        type: "Query",
+        schema: z.boolean().describe("Include count of items").optional()
+      },
+      {
+        name: "$orderby",
+        type: "Query",
+        schema: z.array(z.string()).describe("Order items by property values").optional()
+      },
+      {
+        name: "$select",
+        type: "Query",
+        schema: z.array(z.string()).describe("Select properties to be returned").optional()
+      },
+      {
+        name: "$expand",
+        type: "Query",
+        schema: z.array(z.string()).describe("Expand related entities").optional()
+      }
+    ],
+    response: z.void()
+  },
   {
     method: "post",
     path: "/teams/:teamId/channels/:channelId/messages/:chatMessageId/replies",

package/dist/graph-tools.js

@@ -10,9 +10,26 @@ const __dirname = path.dirname(__filename);
 const endpointsData = JSON.parse(
   readFileSync(path.join(__dirname, "endpoints.json"), "utf8")
 );
-async function executeGraphTool(tool, config, graphClient, params) {
+async function executeGraphTool(tool, config, graphClient, params, authManager) {
   logger.info(`Tool ${tool.alias} called with params: ${JSON.stringify(params)}`);
   try {
+    let accountAccessToken;
+    if (authManager && !authManager.isOAuthModeEnabled()) {
+      const accountParam = params.account;
+      try {
+        accountAccessToken = await authManager.getTokenForAccount(accountParam);
+      } catch (err) {
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify({ error: err.message })
+            }
+          ],
+          isError: true
+        };
+      }
+    }
     const parameterDefinitions = tool.parameters || [];
     let path2 = tool.path;
     const queryParams = {};
@@ -20,6 +37,7 @@ async function executeGraphTool(tool, config, graphClient, params) {
     let body = null;
     for (const [paramName, paramValue] of Object.entries(params)) {
       if ([
+        "account",
         "fetchAllPages",
         "includeHeaders",
         "excludeResponse",
@@ -141,7 +159,13 @@ async function executeGraphTool(tool, config, graphClient, params) {
     if (params.excludeResponse === true) {
       options.excludeResponse = true;
     }
-    logger.info(`Making graph request to ${path2} with options: ${JSON.stringify(options)}`);
+    if (accountAccessToken) {
+      options.accessToken = accountAccessToken;
+    }
+    const { accessToken: _redacted, ...safeOptions } = options;
+    logger.info(
+      `Making graph request to ${path2} with options: ${JSON.stringify(safeOptions)}${_redacted ? " [accessToken=REDACTED]" : ""}`
+    );
     let response = await graphClient.graphRequest(path2, options);
     const fetchAllPages = params.fetchAllPages === true;
     if (fetchAllPages && response?.content?.[0]?.text) {
@@ -226,7 +250,7 @@ async function executeGraphTool(tool, config, graphClient, params) {
     };
   }
 }
-function registerGraphTools(server, graphClient, readOnly = false, enabledToolsPattern, orgMode = false) {
+function registerGraphTools(server, graphClient, readOnly = false, enabledToolsPattern, orgMode = false, authManager, multiAccount = false, accountNames = []) {
   let enabledToolsRegex;
   if (enabledToolsPattern) {
     try {
@@ -265,6 +289,12 @@ function registerGraphTools(server, graphClient, readOnly = false, enabledToolsP
     if (tool.method.toUpperCase() === "GET" && tool.path.includes("/")) {
       paramSchema["fetchAllPages"] = z.boolean().describe("Automatically fetch all pages of results").optional();
     }
+    if (multiAccount) {
+      const accountHint = accountNames.length > 0 ? `Known accounts: ${accountNames.join(", ")}. ` : "";
+      paramSchema["account"] = z.string().describe(
+        `${accountHint}Microsoft account email to use for this request. Required when multiple accounts are configured. Use the list-accounts tool to discover all currently available accounts.`
+      ).optional();
+    }
     paramSchema["includeHeaders"] = z.boolean().describe("Include response headers (including ETag) in the response metadata").optional();
     paramSchema["excludeResponse"] = z.boolean().describe("Exclude the full response body and only return success or failure indication").optional();
     if (endpointConfig?.supportsTimezone) {
@@ -295,7 +325,7 @@ function registerGraphTools(server, graphClient, readOnly = false, enabledToolsP
           openWorldHint: true
           // All tools call Microsoft Graph API
         },
-        async (params) => executeGraphTool(tool, endpointConfig, graphClient, params)
+        async (params) => executeGraphTool(tool, endpointConfig, graphClient, params, authManager)
       );
       registeredCount++;
     } catch (error) {
@@ -303,6 +333,9 @@ function registerGraphTools(server, graphClient, readOnly = false, enabledToolsP
       failedCount++;
     }
   }
+  if (multiAccount) {
+    logger.info('Multi-account mode: "account" parameter injected into all tool schemas');
+  }
   logger.info(
     `Tool registration complete: ${registeredCount} registered, ${skippedCount} skipped, ${failedCount} failed`
   );
@@ -322,7 +355,7 @@ function buildToolsRegistry(readOnly, orgMode) {
   }
   return toolsMap;
 }
-function registerDiscoveryTools(server, graphClient, readOnly = false, orgMode = false) {
+function registerDiscoveryTools(server, graphClient, readOnly = false, orgMode = false, authManager, _multiAccount = false) {
   const toolsRegistry = buildToolsRegistry(readOnly, orgMode);
   logger.info(`Discovery mode: ${toolsRegistry.size} tools available in registry`);
   server.tool(
@@ -414,7 +447,7 @@ function registerDiscoveryTools(server, graphClient, readOnly = false, orgMode =
           isError: true
         };
       }
-      return executeGraphTool(toolData.tool, toolData.config, graphClient, parameters);
+      return executeGraphTool(toolData.tool, toolData.config, graphClient, parameters, authManager);
     }
   );
 }

package/dist/server.js

@@ -34,6 +34,8 @@ function parseHttpOption(httpOption) {
 class MicrosoftGraphServer {
   constructor(authManager, options = {}) {
     this.version = "0.0.0";
+    this.multiAccount = false;
+    this.accountNames = [];
     this.authManager = authManager;
     this.options = options;
     this.graphClient = null;
@@ -54,7 +56,9 @@ class MicrosoftGraphServer {
         server,
         this.graphClient,
         this.options.readOnly,
-        this.options.orgMode
+        this.options.orgMode,
+        this.authManager,
+        this.multiAccount
       );
     } else {
       registerGraphTools(
@@ -62,7 +66,10 @@ class MicrosoftGraphServer {
         this.graphClient,
         this.options.readOnly,
         this.options.enabledTools,
-        this.options.orgMode
+        this.options.orgMode,
+        this.authManager,
+        this.multiAccount,
+        this.accountNames
       );
     }
     return server;
@@ -70,6 +77,18 @@ class MicrosoftGraphServer {
   async initialize(version) {
     this.secrets = await getSecrets();
     this.version = version;
+    try {
+      this.multiAccount = await this.authManager.isMultiAccount();
+      if (this.multiAccount) {
+        const accounts = await this.authManager.listAccounts();
+        this.accountNames = accounts.map((a) => a.username).filter((u) => !!u);
+        logger.info(
+          `Multi-account mode detected (${this.accountNames.length} accounts): "account" parameter will be injected into all tool schemas`
+        );
+      }
+    } catch (err) {
+      logger.warn(`Failed to detect multi-account mode: ${err.message}`);
+    }
     const outputFormat = this.options.toon ? "toon" : "json";
     this.graphClient = new GraphClient(this.authManager, this.secrets, outputFormat);
     if (!this.options.http) {

package/logs/mcp-server.log

@@ -1,10 +1,10 @@
-2026-02-15 08:15:07 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
-2026-02-15 08:15:07 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
-2026-02-15 08:15:07 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
-2026-02-15 08:15:07 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me/messages
-2026-02-15 08:15:07 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me/calendar
-2026-02-15 08:15:08 INFO: Using environment variables for secrets
-2026-02-15 08:15:08 INFO: Using environment variables for secrets
-2026-02-15 08:15:08 INFO: Using environment variables for secrets
-2026-02-15 08:15:08 INFO: Using environment variables for secrets
-2026-02-15 08:15:08 INFO: Using environment variables for secrets
+2026-02-27 13:54:04 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
+2026-02-27 13:54:04 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
+2026-02-27 13:54:04 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me
+2026-02-27 13:54:04 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me/messages
+2026-02-27 13:54:04 INFO: [GRAPH CLIENT] Final URL being sent to Microsoft: https://graph.microsoft.com/v1.0/me/calendar
+2026-02-27 13:54:05 INFO: Using environment variables for secrets
+2026-02-27 13:54:05 INFO: Using environment variables for secrets
+2026-02-27 13:54:05 INFO: Using environment variables for secrets
+2026-02-27 13:54:05 INFO: Using environment variables for secrets
+2026-02-27 13:54:05 INFO: Using environment variables for secrets

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@softeria/ms-365-mcp-server",
-  "version": "0.41.0",
+  "version": "0.43.0",
   "description": " A Model Context Protocol (MCP) server for interacting with Microsoft 365 and Office services through the Graph API",
   "type": "module",
   "main": "dist/index.js",

package/src/endpoints.json

@@ -586,6 +586,12 @@
     "toolName": "reply-to-channel-message",
     "workScopes": ["ChannelMessage.Send"]
   },
+  {
+    "pathPattern": "/teams/{team-id}/channels/{channel-id}/messages/{chatMessage-id}/replies",
+    "method": "get",
+    "toolName": "list-channel-message-replies",
+    "workScopes": ["ChannelMessage.Read.All"]
+  },
   {
     "pathPattern": "/teams/{team-id}/members",
     "method": "get",