[BUG] Microsoft 365 MCP Server authentication fails with AADSTS9000411: duplicated 'prompt' parameter
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
When attempting to authenticate with the Microsoft 365 MCP server (https://microsoft365.mcp.claude.com/mcp), the OAuth flow fails
with the following error from Microsoft Entra ID:
> AADSTS9000411: The request is not properly formatted. The parameter 'prompt' is duplicated.
This indicates the OAuth authorization URL is being constructed with the prompt parameter specified twice, which Microsoft
rejects.
What Should Happen?
The OAuth authorization URL should contain the prompt parameter only once, allowing authentication to proceed normally.
Error Messages/Logs
Sign in
Sorry, but we're having trouble signing you in.
AADSTS9000411: The request is not properly formatted. The parameter 'prompt' is duplicated.
Steps to Reproduce
- Configure the Microsoft 365 MCP server in Claude Code
- claude mcp add --scope user --transport http microsoft365 https://microsoft365.mcp.claude.com/mcp
- Run
claude mcp list- showsmicrosoft365: ! Needs authentication - Attempt to authenticate via the sign-in flow
- Microsoft displays the error page with AADSTS9000411
Claude Model
Opus
Is this a regression?
I don't know
Last Working Version
_No response_
Claude Code Version
2.1.20 (Claude Code)
Platform
Anthropic API
Operating System
Windows
Terminal/Shell
Windows Terminal
Additional Information
GitBash - fresh install of Claude Code using native windows installer
Request Id: 54edaff0-f566-49ce-ada6-a69fb9799100
Correlation Id: dff75423-a80c-4d7f-8f8a-e8f6a67e5c13
Timestamp: 2026-01-27T19:07:22Z
Message: AADSTS9000411: The request is not properly formatted. The parameter 'prompt' is duplicated.
original URL sent
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=select_account&response_type=code&client_id=08ad6f98-a4f8-4635-bb8d-f1a3044760f0&code_challenge=HYm6ERB76Y3rnmvZ_LVViafJWUMvD7TmADInaMCI5MQ&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A42050%2Fcallback&state=U-wmpwwCrflBAzUOXck8Riwsm4p1I96Xz5Tvr8G4SRY&scope=api%3A%2F%2F07c030f6-5743-41b7-ba00-0a6e85f37c17%2F.default+offline_access&prompt=consent
this URL clearly confirms the bug - two prompt parameters:
- prompt=select_account (at the start)
- prompt=consent (at the end)
thank you
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗