MCPAuthFuncapp MCP Server

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.
1

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal
pip install -r requirements.txt
func start
2

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal
claude mcp add -e "CLIENT_ID=${CLIENT_ID}" -e "CLIENT_SECRET=${CLIENT_SECRET}" -e "TENANT_ID=${TENANT_ID}" -e "APIM_GATEWAY_URL=${APIM_GATEWAY_URL}" mcp-auth-funcapp -- python "<FULL_PATH_TO_MCPAUTHFUNCAPP>/dist/index.js"

Replace <FULL_PATH_TO_MCPAUTHFUNCAPP>/dist/index.js with the actual folder you prepared in step 1.

Required:CLIENT_IDCLIENT_SECRETTENANT_IDAPIM_GATEWAY_URL
README.md

Secure MCP backend service for Microsoft Graph API access via Azure Functions

MCPAuthFuncapp

Overview

This Azure Function App implements a secure Model Context Protocol (MCP) backend service with Azure Active Directory authentication. It provides authenticated access to Microsoft Graph API through Azure API Management (APIM) and supports OAuth On-Behalf-Of (OBO) token exchange.

Architecture

[Client App] → [APIM Gateway] → [Azure Functions] → [Microsoft Graph API]
     ↓              ↓                 ↓               ↓
  Bearer Token  →  OBO Exchange  →  Graph Token  →  User Data

Features

Authentication Flow

  • OAuth 2.0 On-Behalf-Of Flow: APIM policies automatically exchange user bearer tokens for Microsoft Graph API access tokens
  • Azure AD Integration: Seamless authentication with Azure Active Directory
  • Token Validation: Automatic token validation and refresh handled by APIM policies

Available Endpoints

  1. /hello - Simple greeting endpoint

    • Returns personalized greeting message
    • Supports both query parameters and JSON body input

  2. /echo - Request echo service

    • Returns the exact request body sent
    • Useful for testing and debugging

  3. /tools - MCP tools discovery

    • Returns available tools and their schemas
    • Supports Model Context Protocol standards

  4. /me - User profile retrieval

    • Requires Authentication: Bearer token in Authorization header
    • Retrieves authenticated user's profile from Microsoft Graph API
    • Automatic token exchange via APIM OBO flow

  5. /status - Health check endpoint

    • Service status and authentication state
    • Returns user context information

Security Features

  • Token-based Authentication: All sensitive endpoints require valid Bearer tokens
  • APIM Policy Protection: OAuth policies protect against unauthorized access
  • Pre-authorized Applications: Configured OAuth consent for trusted applications
  • Secure Token Exchange: On-Behalf-Of flow maintains security boundaries

APIM Policies

The included APIM policies provide:

  • OAuth Authentication: Validates incoming bearer tokens
  • Token Exchange: Automatic OBO flow for Microsoft Graph access
  • Error Handling: Comprehensive error responses for authentication failures
  • Security Headers: Proper CORS and security headers

Configuration

Environment Variables (replace placeholders)

  • {{CLIENT_ID_PLACEHOLDER}} - Azure AD Application ID
  • {{CLIENT_SECRET_PLACEHOLDER}} - Azure AD Client Secret
  • {{TENANT_ID_PLACEHOLDER}} - Azure AD Tenant ID
  • {{APIM_GATEWAY_URL}} - APIM Gateway URL

Pre-authorized Applications

Configured in preauth.json for OAuth consent bypass (excluded from repository for security).

Development

Prerequisites

  • Python 3.9+
  • Azure Functions Core Tools
  • Azure CLI
  • Valid Azure AD App Registration

Local Development

# Install dependencies
pip install -r requirements.txt

# Start local development server
func start

Deployment

  1. Deploy Azure Function App
  2. Configure APIM with included policy files
  3. Update policy placeholders with actual values
  4. Configure OAuth app registration and permissions

MCP Integration

This service is designed to work as a backend for Model Context Protocol implementations, providing:

  • Authenticated Microsoft Graph API access
  • Tool discovery and execution
  • Secure user context management

Security Notes

⚠️ Important:

  • Never commit actual secrets, IDs, or tokens to version control
  • Use Azure Key Vault for production secret management
  • Regularly rotate client secrets and review OAuth permissions
  • Monitor APIM analytics for unusual access patterns

Tools (5)

helloReturns a personalized greeting message.
echoReturns the exact request body sent for testing and debugging.
toolsReturns available tools and their schemas.
meRetrieves the authenticated user's profile from Microsoft Graph API.
statusReturns service status, authentication state, and user context information.

Environment Variables

CLIENT_IDrequiredAzure AD Application ID
CLIENT_SECRETrequiredAzure AD Client Secret
TENANT_IDrequiredAzure AD Tenant ID
APIM_GATEWAY_URLrequiredAPIM Gateway URL

Configuration

claude_desktop_config.json
{"mcpServers": {"mcp-auth-funcapp": {"command": "python", "args": ["path/to/your/app.py"], "env": {"CLIENT_ID": "your-client-id", "CLIENT_SECRET": "your-client-secret", "TENANT_ID": "your-tenant-id", "APIM_GATEWAY_URL": "your-apim-url"}}}}

Try it

Get my user profile information using the me tool.
Check the current status and authentication state of the service.
Test the echo endpoint with a sample JSON payload.
List all available tools provided by the MCP server.

Frequently Asked Questions

What are the key features of MCPAuthFuncapp?

OAuth 2.0 On-Behalf-Of flow for secure token exchange. Seamless integration with Azure Active Directory. Authenticated access to Microsoft Graph API. Automatic token validation and refresh via APIM policies.

What can I use MCPAuthFuncapp for?

Enabling AI agents to securely access Microsoft Graph user data. Building authenticated MCP backends on Azure infrastructure. Standardizing tool discovery for enterprise-grade MCP implementations.

How do I install MCPAuthFuncapp?

Install MCPAuthFuncapp by running: pip install -r requirements.txt && func start

What MCP clients work with MCPAuthFuncapp?

MCPAuthFuncapp works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep MCPAuthFuncapp docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all cloud servers →

Related MCP Servers

SSH MCP Server
Execute shell commands on remote Linux and Windows systems via SSH.
cloud346 stars
Hono MCP Server
Expose your Hono API endpoints as MCP tools.
cloud77 stars
n8n Manager for AI Agents
Manage n8n workflow automation instances through AI agent tools.
cloud54 stars
Kilntainers
Give Every Agent an Ephemeral Linux Sandbox — via MCP
cloud36 stars
AWS MCP Server
Manage and provision AWS resources using natural language prompts
cloud27 stars
Dynamics 365 Finance & Operations
Production-ready MCP server for Microsoft Dynamics 365 Finance & Operations
cloud25 stars