Model Context Protocol (MCP) Server + Microsoft Entra ID OAuth + Todo Management MCP Server

How to use

Connect to your MCP server from an MCP client or tooling that supports the Streamable HTTP transport. Once connected and you complete the OAuth flow, you gain access to tools that let you retrieve your Microsoft Graph user profile, list and manage todo lists, and work with individual tasks. You can open a Claude/desktop client or other MCP clients configured to your server URL to list, create, update, or delete todo items and lists, and to set due dates, reminders, and categories.

Typical usage patterns include: retrieving your user profile, listing all todo lists, creating a new list, adding tasks with due dates and reminders, updating task properties (title, description, status, due date, reminders, categories), and deleting completed tasks or entire lists. You can also test the connection using the provided Inspector workflow to ensure the MCP server is reachable and that authentication succeeds.

How to install

Prerequisites: you need a development environment with Node.js and npm, and you should have Wrangler installed for Cloudflare Workers deployments.

1) Prepare your Azure AD OAuth application for Entra ID integration in your Azure tenant. Create a new app registration, note the Application (client) ID and Directory (tenant) ID, and generate a client secret. Grant the required Microsoft Graph permissions (User.Read and Tasks.ReadWrite) and consent as an admin.

2) Install project dependencies and set up environment secrets. You will store sensitive values as Wrangler secrets.

npm install
wrangler secret put ENTRA_CLIENT_ID
wrangler secret put ENTRA_CLIENT_SECRET
wrangler secret put ENTRA_TENANT_ID
wrangler secret put COOKIE_ENCRYPTION_KEY
wrangler secret put DEFAULT_TIMEZONE

Additional setup and deployment notes

Configure your KV storage namespace for OAuth state and token data.

wrangler kv namespace create "OAUTH_KV"

Run and test locally or in production

To run locally for development, start the local dev server and expose the MCP endpoint at http://localhost:8789.

wrangler dev

Test the remote MCP server flow with an inspector

Use the Inspector tool to verify the OAuth flow and that the Tools surface correctly after authentication.

npx @modelcontextprotocol/inspector@latest
```
Enter the MCP URL for your server, e.g. https://remote-mcp-entra-oauth-todo.<your-subdomain>.workers.dev/mcp

Access the remote MCP server from Claude Desktop

Configure Claude Desktop to access your MCP server by providing the MCP command that launches the remote server. After restarting Claude Desktop, a browser login page will appear for OAuth, and, once granted, the tools will become available.

For local development

If you want to iterate locally, create a development OAuth app in Azure AD with a localhost redirect and set the development secrets in a local vars file. Run the server with the development flow and test against http://localhost:8789/mcp.

getUserProfile

Retrieve the authenticated Microsoft Graph user profile for the signed-in user.

listTodoLists

Fetch all todo lists for the authenticated user from Microsoft To Do.

createTodoList

Create a new todo list with a specified name for the authenticated user.

updateTodoList

Rename or modify an existing todo list for the authenticated user.

deleteTodoList

Delete a todo list for the authenticated user.

listTasks

List all tasks within a specific todo list.

getTask

Retrieve details for a specific task in a list.

createTask

Create a new task with title, optional body, due date, reminder, importance, and categories.

updateTask

Update properties of an existing task including title, body, status, due date, reminders, and categories.

deleteTask

Remove a task from a list.

add

Simple test tool to add two numbers and verify MCP connectivity.