MCP Server with Azure Entra ID Authentication and OBO flow for Microsoft Search
Project description
On-behalf-of flow with Entra ID and FastMCP
Blog post: https://baeke.info/2025/07/29/end-to-end-authorization-with-entra-id-and-mcp/
Instructions
1. Create and activate a Python virtual environment
python3 -m venv .venv
source .venv/bin/activate
2. Install dependencies
pip install -r requirements.txt
3. Set up environment variables
Create a .env file in the project root with the required Azure and API credentials (see example files for required variables).
4. Start the MCP server
python -m mcp.main
5. Run the MCP client
In a new terminal (with the virtual environment activated):
python mcp_client.py
Diagrams
sequenceDiagram
autonumber
participant User
participant Client
participant AzureAD as "Azure Entra ID"
participant MCP
participant MSGraph
User->>Client: Initiate Device Flow
Client->>AzureAD: Start Device Code Flow
AzureAD-->>Client: Device Code + Verification URL
Client->>User: Show Code + URL
User->>AzureAD: Authenticates via browser
AzureAD-->>Client: Returns Access Token (for MCP)
Client->>MCP: Call tool with Bearer Access Token
MCP->>AzureAD: OBO request for token to call MS Graph\n(include access token as assertion)
AzureAD-->>MCP: Returns new Access Token (for MS Graph)
MCP->>MSGraph: Call Graph API with new token
MSGraph-->>MCP: Graph data
MCP-->>Client: Return tool result
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iflow_mcp_gbaeke_mcp_obo-0.1.0.tar.gz.
File metadata
- Download URL: iflow_mcp_gbaeke_mcp_obo-0.1.0.tar.gz
- Upload date:
- Size: 9.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.26 {"installer":{"name":"uv","version":"0.9.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5fab00343dfe029c068e1baf5b18ea0dd3aff58d4465da5300016b0f2ce64667
|
|
| MD5 |
8624dabbb5f30d625e7c86a7dba9986a
|
|
| BLAKE2b-256 |
78e78f662e98c17276446f05e5add0ffbef659f701a3009b4e6f47e6d05f57e1
|
File details
Details for the file iflow_mcp_gbaeke_mcp_obo-0.1.0-py3-none-any.whl.
File metadata
- Download URL: iflow_mcp_gbaeke_mcp_obo-0.1.0-py3-none-any.whl
- Upload date:
- Size: 4.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.26 {"installer":{"name":"uv","version":"0.9.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d77fd3833057243e15353c23d2a7df95d03f927556246969a991c7581d56b170
|
|
| MD5 |
8959a2ce5c3a150ebd5fc95bee56dd55
|
|
| BLAKE2b-256 |
52f7a7cdee07dcc66381560c2c0373a3e822f761ad6922016a616102b01234f9
|
