Expand SharePoint Embedded MCP server article: available tools, configuration, and SPA auth guidance#10950
Conversation
…A auth guidance Incorporates PM review feedback on the merged getting-started article (PR SharePoint#10940): - Add an Available tools table grouped by task with representative tool names. - Add a Configuration section documenting CLI flags and environment variables. - Add brief per-client descriptions for VS Code and Claude Desktop. - Add an IMPORTANT callout that bring-your-own app registrations must register the React sample origin as a Single-page application (SPA) redirect URI (http://localhost:5173 + deployed origin) to avoid AADSTS9002326, plus the public-client http://localhost redirect.
|
Learn Build status updates of commit 00ea84d: ✅ Validation status: passed
For more details, please refer to the build report. |
PoliCheck Scan ReportThe following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans. ✅ No issues foundMore information about PoliCheckInformation: PoliCheck | Severity Guidance | Term |
Remove the hardcoded sample-app port (http://localhost:5173), the http://localhost public-client redirect, the AADSTS9002326 error code, and the 'Allow public client flows' step from the pre-provisioned-app IMPORTANT callout. State the requirement conceptually (register the app's sign-in URL as a Single-page application redirect URI in Authentication to acquire a token) and defer the exact redirect URIs to the server README, so the Learn doc doesn't need edits when implementation details like the sample app port change.
|
Learn Build status updates of commit 697703b: ✅ Validation status: passed
For more details, please refer to the build report. |
PoliCheck Scan ReportThe following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans. ✅ No issues foundMore information about PoliCheckInformation: PoliCheck | Severity Guidance | Term |
andrewconnell
left a comment
There was a problem hiding this comment.
Please fix merge conflicts before updating we can review the doc.
Also, do not update the ms.date. This is set for the doc creeation time & then let the rendering engine use the file's git history to render the last updated date.
Follow-up to #10940 (merged), incorporating review feedback from the SharePoint Embedded PM team on the getting-started article
docs/embedded/getting-started/sharepoint-embedded-mcp-server.md.What changed
Available tools — Reworked the tool overview into a scannable table grouped by task (Provisioning and status, Billing, Scaffold/run/deploy, Content operations, Documentation), with representative tool names, mirroring the "Available Tools" section in the server README. Tool names were verified against the server source.
Configuration — Added a new
## Configurationsection documenting the CLI flags and their equivalent environment variables (--client-id/SPE_CLIENT_ID,--tenant-id/SPE_TENANT_ID,--read-only/SPE_READ_ONLY,--tools/SPE_TOOLS,--data-dir/SPE_DATA_DIR), matching the repo's Configuration reference.Per-client descriptions — Added brief lead-in descriptions to the Visual Studio Code and Claude Desktop subsections (Cursor already had one) so each client has a short "how to use it" note like the GitHub repo.
Existing app-registration auth guidance — Added an IMPORTANT callout under Pre-provisioned-app mode clarifying that a bring-your-own app registration must:
http://localhost(Mobile and desktop) redirect for the server's own interactive sign-in, andhttp://localhost:5173for local dev + the deployed origin).Without a matching SPA redirect URI, browser sign-in fails with
AADSTS9002326. Apps the server provisions in bootstrap mode get these platforms automatically. This directly addresses the PM note that existing app registrations need the URL registered as a single-page app to get a token.Also bumped
ms.dateto 07/14/2026.Notes
docs/embedded/getting-started/sharepoint-embedded-mcp-server.md.Go-live
This is intended to publish with the SharePoint Embedded Learn docs revamp targeted for this Friday. Learn publishes changes on the next scheduled build after merge to
main, so merging before the Friday publish window will include it in that release.