# Microsoft 365 OAuth Configuration
# Create an Azure AD app registration and get these values:
# Your Azure AD App Registration Client ID
MS365_MCP_CLIENT_ID=your-azure-ad-app-client-id-here
# Your Azure AD App Registration Client Secret (optional, for confidential clients)
MS365_MCP_CLIENT_SECRET=your-azure-ad-app-client-secret-here
# Tenant ID - use "common" for multi-tenant or your specific tenant ID
MS365_MCP_TENANT_ID=common
# Instructions:
# 1. Go to https://portal.azure.com
# 2. Navigate to Azure Active Directory → App registrations → New registration
# 3. Set name: "MS365 MCP Server"
# 4. Add these redirect URIs (for MCP Inspector testing):
# - http://localhost:6274/oauth/callback
# - http://localhost:6274/oauth/callback/debug
# - http://localhost:3000/callback (optional, for server callback)
# 5. Copy the Client ID from Overview page
# 6. Go to Certificates & secrets → New client secret → Copy the secret value
# 7. Replace the values above with your actual credentials
# 8. Rename this file to .env
# -------------------------------------------------------------------
# Azure Key Vault Integration (Optional)
# -------------------------------------------------------------------
# When set, secrets are fetched from Azure Key Vault instead of environment variables.
# This is useful for production deployments, especially with Azure Container Apps.
#
# MS365_MCP_KEYVAULT_URL=https://your-keyvault-name.vault.azure.net
#
# Key Vault secret names (store these in your Key Vault):
# - ms365-mcp-client-id (required)
# - ms365-mcp-tenant-id (optional, defaults to "common")
# - ms365-mcp-client-secret (optional)
#
# Authentication uses DefaultAzureCredential, which supports:
# - Managed Identity (recommended for Azure Container Apps)
# - Azure CLI credentials (for local development)
# - Environment variables (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID)
#
# See README.md for detailed Azure Key Vault setup instructions.
