Skip to content

feat: interactive OAuth flow added #368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: interactive OAuth flow added #368

wants to merge 1 commit into from

Conversation

aaudzei
Copy link
Contributor

@aaudzei aaudzei commented Jul 30, 2025

PR adds OAuth interactive authentication flow as a default token retrieval mechanism.
Original credentials flows are kept but need to be opted-in via command line args.

This is still WIP. ClientID needs to be replaced with a "ADO trusted" app once it is available.
Readme and Troubleshooting need to be updated as well.

GitHub issue number

Associated Risks

PR Checklist

  • I have read the contribution guidelines
  • I have read the code of conduct guidelines
  • Title of the pull request is clear and informative.
  • 👌 Code hygiene
  • 🔭 Telemetry added, updated, or N/A
  • 📄 Documentation added, updated, or N/A
  • 🛡️ Automated tests added, or N/A

🧪 How did you test it?

Manually via inspector, all authentication options

@github-actions GitHub Actions
Copy link

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@aaudzei aaudzei mentioned this pull request Jul 31, 2025
Closed
7 tasks
anydot
anydot reviewed Jul 31, 2025
View reviewed changes
src/auth.ts

class OAuthAuthenticator {
static clientId = "ac9c72b1-86e4-4849-be22-eaae7731117a";
static authority = "https://login.microsoftonline.com/common";
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should use common only if user didn't provide any specific tenant and use that tenant instead - that would make it possible for guest users to use the MCP server

@danhellem danhellem linked an issue Aug 5, 2025 that may be closed by this pull request
Allow Interactive Browser Authorization for Machines without Azure CLI #306
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anydot anydot anydot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow Interactive Browser Authorization for Machines without Azure CLI
2 participants
@aaudzei @anydot