outlook-mcp

auth

Check authentication status or initiate OAuth flow for Microsoft Graph API. Use device-code mode for headless environments or browser mode for redirect. Tokens auto-refresh and persist.

Instructions

Manage authentication with the Microsoft Graph API. action=status (default) returns the current auth state and auto-refreshes the access token if it's expired but the refresh token is still valid (~90-day window) — call this first to check before other tools. action=authenticate starts the OAuth flow: with method: "device-code" (default, works headlessly) it returns a code + URL for the user to visit; with method: "browser" it opens the local auth server on :3333 (run npm run auth-server first). Pass force: true to re-authenticate over an existing valid session. action=device-code-complete finishes device-code auth after the user enters the code in their browser — call this once authentication shows as successful in the browser. action=about returns server version, configured audience, scope list, and other diagnostic info. Tokens persist to ~/.outlook-assistant-tokens.json and survive server restarts.

Input Schema

TableJSON Schema

Name	Required	Description
`action`	No	Action to perform (default: status)
`method`	No	Auth method for action=authenticate. device-code (default): no auth server needed, works remotely. browser: traditional OAuth redirect via port 3333.
`force`	No	Force re-authentication even if already authenticated (action=authenticate only)

Tool Definition Quality

A4.8/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Description discloses critical behaviors beyond annotations: auto-refresh with 90-day window, token persistence to file, headless vs browser flow details. Annotations (readOnlyHint=false, destructiveHint=false) don't contradict, and description enriches with operational context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Front-loaded with overall purpose, then organized by action. Each sentence provides necessary detail. Slightly long due to multiple action descriptions, but no padding. Could be slightly tighter but well-structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

No output schema, but description explains what each action returns (auth state, code+URL, diagnostic info). Covers token persistence, prerequisites, and workflow for device code. Fully sufficient for agent to understand and invoke correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema has 100% coverage with descriptions for all 3 parameters. Description adds value by clarifying defaults (action defaults to status, method defaults to device-code) and explaining force behavior. No contradictions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clear verb 'Manage authentication' with specific resource 'Microsoft Graph API'. Lists four distinct actions (status, authenticate, device-code-complete, about) with no ambiguity. Distinct from all sibling tools, which are not authentication-related.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states 'call this first to check before other tools'. Provides detailed when-to-use for each action, including prerequisites for browser method ('run npm run auth-server first') and force flag usage. No exclusions needed as sibling tools are unrelated.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/littlebearapps/outlook-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server