Hosted Microsoft 365 MCP server OAuth fails: duplicate prompt param + unregistered redirect URIs

Resolved 💬 3 comments Opened Apr 24, 2026 by aridspider12-dev Closed Jun 1, 2026

Summary

The hosted Microsoft 365 MCP server at https://microsoft365.mcp.claude.com/mcp has two bugs that prevent completing OAuth on Entra tenants.

Bug 1 — Duplicate prompt parameter in authorization URL

The OAuth discovery doc at /.well-known/oauth-authorization-server bakes a query param into the authorization endpoint:

"authorization_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=select_account"

The server's authenticate tool then appends &prompt=consent, resulting in a URL with two prompt parameters. Entra rejects:

AADSTS9000411: The request is not properly formatted. The parameter 'prompt' is duplicated.

Claude Code's built-in /mcp OAuth flow hits the same duplication.

Bug 2 — Dynamic redirect URI not whitelisted on Anthropic's Entra app

After manually deduping prompt, sign-in + consent succeed. Final redirect fails:

AADSTS50011: The redirect URI 'http://localhost:55995/callback' specified in the request does not match the redirect URIs configured for the application '08ad6f98-a4f8-4635-bb8d-f1a3044760f0'.

The authenticate tool issues URLs using the shared client_id 08ad6f98-a4f8-4635-bb8d-f1a3044760f0 with dynamic localhost callback ports (observed: 51623, 55995, 60048 — different every call). These aren't whitelisted on Anthropic's Entra app, and consuming tenants have no way to add URIs to an upstream app. The server exposes /oauth2/register (Dynamic Client Registration) but authenticate doesn't use it.

Repro

  1. claude mcp add --transport http --scope user microsoft365 https://microsoft365.mcp.claude.com/mcp
  2. /mcp → select microsoft365 → Bug 1 fires on the authorize GET
  3. Manually dedupe prompt in the URL → sign-in + consent succeed → Bug 2 fires on redirect

Side effect — tenant pollution

Tenant-wide admin consent is recorded at step 3 before the redirect fails. The connector's Enterprise App ends up persisted with broad delegated scopes (Mail, Calendar, Teams, Files, Sites, online-meeting recordings/transcripts, etc.) in the consuming tenant even though auth never completes. Admins should audit and revoke.

Environment

  • Claude Code 2.1.119 on Linux
  • Entra multi-tenant (v2.0)

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗