Hosted Microsoft 365 MCP server OAuth fails: duplicate prompt param + unregistered redirect URIs
Summary
The hosted Microsoft 365 MCP server at https://microsoft365.mcp.claude.com/mcp has two bugs that prevent completing OAuth on Entra tenants.
Bug 1 — Duplicate prompt parameter in authorization URL
The OAuth discovery doc at /.well-known/oauth-authorization-server bakes a query param into the authorization endpoint:
"authorization_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=select_account"
The server's authenticate tool then appends &prompt=consent, resulting in a URL with two prompt parameters. Entra rejects:
AADSTS9000411: The request is not properly formatted. The parameter 'prompt' is duplicated.
Claude Code's built-in /mcp OAuth flow hits the same duplication.
Bug 2 — Dynamic redirect URI not whitelisted on Anthropic's Entra app
After manually deduping prompt, sign-in + consent succeed. Final redirect fails:
AADSTS50011: The redirect URI 'http://localhost:55995/callback' specified in the request does not match the redirect URIs configured for the application '08ad6f98-a4f8-4635-bb8d-f1a3044760f0'.
The authenticate tool issues URLs using the shared client_id 08ad6f98-a4f8-4635-bb8d-f1a3044760f0 with dynamic localhost callback ports (observed: 51623, 55995, 60048 — different every call). These aren't whitelisted on Anthropic's Entra app, and consuming tenants have no way to add URIs to an upstream app. The server exposes /oauth2/register (Dynamic Client Registration) but authenticate doesn't use it.
Repro
claude mcp add --transport http --scope user microsoft365 https://microsoft365.mcp.claude.com/mcp/mcp→ selectmicrosoft365→ Bug 1 fires on the authorize GET- Manually dedupe
promptin the URL → sign-in + consent succeed → Bug 2 fires on redirect
Side effect — tenant pollution
Tenant-wide admin consent is recorded at step 3 before the redirect fails. The connector's Enterprise App ends up persisted with broad delegated scopes (Mail, Calendar, Teams, Files, Sites, online-meeting recordings/transcripts, etc.) in the consuming tenant even though auth never completes. Admins should audit and revoke.
Environment
- Claude Code
2.1.119on Linux - Entra multi-tenant (v2.0)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗