Outlook OAuth MCP Server

A spec-compliant MCP server that enables delegated OAuth2 access to Microsoft Outlook for secure mail and calendar management using individual user accounts.

Updated
Jan 20, 2026

A minimal, spec-compliant MCP server for Microsoft Outlook with OAuth2 delegated access.

Features

  • MCP Spec Compliant: Implements RFC 9728 (OAuth 2.0 Protected Resource Metadata) and RFC 8414 (OAuth 2.0 Authorization Server Metadata)
  • OAuth2 Delegated Access: Users authenticate with their own Microsoft accounts
  • Stateless Design: No token storage—tokens passed per-request
  • Rate Limiting: Configurable per-user rate limiting

Quick Start

Prerequisites

  • Node.js >= 20
  • Azure AD App Registration with delegated permissions

Installation

npm install
npm run build

Configuration

Create a .env file:

MS365_MCP_CLIENT_ID=your-azure-ad-client-id
MS365_MCP_TENANT_ID=your-tenant-id  # or 'common' for multi-tenant
MS365_MCP_CORS_ORIGIN=https://your-app.com  # set in production

Run

npm start

Server runs at http://localhost:3000

Azure AD Setup

1. Create App Registration

  1. Go to Azure Portal → Azure Active Directory → App registrations
  2. New registration → Name: "Outlook MCP Server"
  3. Choose supported account types based on your needs
  4. Register

2. Add API Permissions

Add these delegated permissions: User.Read, Mail.Read, Mail.ReadWrite, Mail.Send, Calendars.Read, Calendars.ReadWrite, offline_access

3. Configure Redirect URIs

Add platform: Web

  • http://localhost:6274/oauth/callback (MCP Inspector)
  • https://your-production-app.com/callback (Production)

4. Get Credentials

Copy from Overview page:

  • Application (client) ID → MS365_MCP_CLIENT_ID
  • Directory (tenant) ID → MS365_MCP_TENANT_ID

Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| MS365_MCP_CLIENT_ID | Yes | - | Azure AD client ID |
| MS365_MCP_CLIENT_SECRET | No | - | Azure AD client secret |
| MS365_MCP_TENANT_ID | No | common | Azure AD tenant ID |
| MS365_MCP_PORT | No | 3000 | Server port |
| MS365_MCP_HOST | No | 0.0.0.0 | Bind address |
| MS365_MCP_LOG_LEVEL | No | info | Log level |
| MS365_MCP_CORS_ORIGIN | No | * | CORS allowed origins |
| MS365_MCP_RATE_LIMIT_REQUESTS | No | 30 | Max requests per window |
| MS365_MCP_RATE_LIMIT_WINDOW_MS | No | 60000 | Rate limit window (ms) |
| MS365_MCP_ALLOWED_TENANTS | No | - | Comma-separated tenant IDs |

Docker

docker build -t outlook-oauth-mcp .

docker run -p 3000:3000 \
  -e MS365_MCP_CLIENT_ID=your-client-id \
  -e MS365_MCP_TENANT_ID=your-tenant-id \
  -e MS365_MCP_CORS_ORIGIN=https://your-app.com \
  outlook-oauth-mcp

Testing with MCP Inspector

npm run dev
npx @modelcontextprotocol/inspector

Configure: Server URL http://localhost:3000/mcp

Production Checklist

  • Deploy behind an HTTPS reverse proxy
  • Set MS365_MCP_CORS_ORIGIN to your domain (the default is *)
  • Set MS365_MCP_ALLOWED_TENANTS when running multi-tenant
  • Set MS365_MCP_CLIENT_SECRET to use the confidential client flow
  • Monitor the /health endpoint
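
The checklist items that are visible in the environment can be checked before deployment. The following is an added example, not part of the project's code; the function name auditConfig, the finding messages and the sample values are assumptions made for illustration.

```javascript
// Added example: audits MS365_MCP_* settings against the Production Checklist.
// Defaults ("common", "*") come from the Environment Variables table; an empty
// value is treated as unset (assumption).
function auditConfig(env) {
  const findings = [];
  const flag = (key, issue) => findings.push({ key, issue });

  if (!env.MS365_MCP_CLIENT_ID) {
    flag('MS365_MCP_CLIENT_ID', 'required value is missing');
  }

  // CORS: the default "*" allows any web origin to read responses.
  // Assumption: several origins, if supported, are comma-separated.
  const origins = (env.MS365_MCP_CORS_ORIGIN || '*')
    .split(',').map((o) => o.trim()).filter(Boolean);
  for (const origin of origins) {
    if (origin === '*') {
      flag('MS365_MCP_CORS_ORIGIN', 'wildcard origin; set your domain');
    } else if (!origin.startsWith('https://')) {
      flag('MS365_MCP_CORS_ORIGIN', `origin is not https: ${origin}`);
    }
  }

  // Tenant "common" accepts sign-ins from any tenant unless an allow-list is set.
  const tenant = env.MS365_MCP_TENANT_ID || 'common';
  const allowed = (env.MS365_MCP_ALLOWED_TENANTS || '')
    .split(',').map((t) => t.trim()).filter(Boolean);
  if (tenant === 'common' && allowed.length === 0) {
    flag('MS365_MCP_ALLOWED_TENANTS', 'tenant is "common" with no allow-list');
  }

  if (!env.MS365_MCP_CLIENT_SECRET) {
    flag('MS365_MCP_CLIENT_SECRET', 'unset; confidential client flow not in use');
  }
  return findings;
}

// Constructed sample values, not real identifiers.
const SAMPLE_ENV = {
  MS365_MCP_CLIENT_ID: '00000000-0000-0000-0000-000000000000',
  MS365_MCP_CORS_ORIGIN: 'https://your-app.com',
};
console.log(auditConfig(SAMPLE_ENV).map((f) => `${f.key}: ${f.issue}`).join('\n'));
```

Pass process.env to auditConfig in a deployment script and fail the deploy when the returned array is not empty.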

License

MIT
