Declarative Agent: Connect to OAuth MCP
Software Development Redmond, Washington
Connect declarative agents to OAuth protected MCP with Entra ID app reg for secure Copilot Power Platform flow
Key insights
- Declarative Agent, MCP, and OAuth-protected MCP server overview.
Demo shows how a declarative agent in Microsoft 365 Copilot can call server-side tools exposed by an MCP (Model Context Protocol) server and how to add OAuth protection to that MCP endpoint. - Tools used: Microsoft 365 Agents Toolkit and MCP Inspector.
The toolkit scaffolds the agent and imports MCP tools; MCP Inspector helps test and validate tool endpoints and responses. - Authentication modes and OAuth specifics.
Supported modes include OAuth 2.0 authorization code flow, Microsoft Entra ID SSO, API key, or no auth; when using OAuth, register an OAuth client and include the Teams redirect URI (https://teams.microsoft.com/api/platform/v1.0/oAuthRedirect) if required by the provider. - Developer flow and key steps to implement.
Create a Declarative Agent in VS Code, add an MCP action, enter the MCP URL, pick tools, configure auth, generate the manifest and agent files, then run the toolkit’s Provision and Start debugging flow to test locally. - Runtime auth and plugin binding details.
Bind the plugin to the client registration using the OAuthPluginVault runtime object and its reference_id so Copilot can request user-scoped tokens and call MCP tools securely. - Practical benefits and best practices.
The toolkit offers a more guided, point-and-click setup that auto-fetches tool schemas from the MCP server, reduces manual manifest edits, and lets Copilot call MCP tools with user-scoped access tokens; always test with the MCP Inspector and register your OAuth client before deployment.
Overview of the demo
The video, published by Microsoft, demonstrates how to connect a declarative agent to an OAuth-protected MCP server and explains the end-to-end flow. It features a live walkthrough by Paolo Pialorsi during a Microsoft 365 & Power Platform community call, where he shows architecture, app registration, and testing steps. Moreover, the presentation highlights how Microsoft 365 Copilot calls MCP tools using user-scoped access tokens, which helps clarify practical integration points for developers.
In addition, the demo emphasizes that the Microsoft 365 Agents Toolkit can scaffold the agent, import MCP tools, and guide authentication setup when endpoints require credentials. The recording therefore serves both as a tutorial and a reference for teams building integrations. As a result, viewers gain a clearer picture of how configuration-driven agents pair with standard tool protocols.
Key demo highlights
First, the presenter walks through registering an app in Microsoft Entra ID and configuring an OAuth client to support the authorization code flow. Then he shows how to point the toolkit at an MCP endpoint, select the exposed tools, and generate the agent manifest and configuration files automatically. Consequently, the demo reduces much of the manual wiring that traditionally made plugin integration error-prone and time consuming.
Next, the session introduces the MCP Inspector as a testing tool to validate tool definitions and authentication behavior. The demo also notes the required redirect URI for Teams-based OAuth flows and how that URI fits into the auth configuration. Therefore, developers see both the setup steps and the verification practices that ensure the agent and server interact securely.
How the toolkit and declarative agents work
The declarative agent model defines an agent by configuration and a manifest rather than by hand-coded orchestration, which simplifies maintenance and promotes consistency. The MCP server serves as the source of truth for available tools, exposing function schemas that the agent imports automatically. Thus, teams can update server-side tools independently while keeping the agent manifest aligned through the toolkit.
Moreover, the toolkit’s guided flow—create, point, select, and configure—helps less experienced developers adopt the protocol quickly and reduces mistakes during manifest generation. However, this convenience trades off some flexibility for managed defaults, so teams with specialized needs may still need to edit the generated files. Therefore, the toolkit is best for standard scenarios while custom implementations remain possible for advanced use cases.
Authentication, security tradeoffs, and practical considerations
The demo and documentation outline support for several authentication modes, such as OAuth 2.0 authorization code flow, Microsoft Entra ID SSO, API keys, and no authentication for public endpoints. While SSO and static OAuth simplify credential handling and improve user experience, they require careful configuration and proper redirect URIs to avoid token leakage. Consequently, teams must balance the convenience of SSO against the extra setup and governance it demands.
Additionally, the session explains that using user-scoped tokens gives better access control and auditing, but increases the complexity of token refresh and session management. On the other hand, app-only tokens simplify background services but reduce granular control over user actions. Therefore, architects should weigh security, auditing needs, and operational complexity when choosing an auth pattern for MCP integrations.
Developer experience, challenges, and next steps
The demo illustrates a smoother developer experience because the toolkit can fetch tool lists and generate plugin specifications automatically, but challenges remain around testing and debugging distributed flows. For example, reproducing production-like token scenarios locally can be tricky, and integrations that require custom logic may need manual adjustments beyond the toolkit’s defaults. As a result, teams should plan for additional testing and fallback strategies when building complex agents.
Finally, the recording serves as a practical starting point and recommends that developers validate both the tool contract and the auth flow with the MCP Inspector and local debugging. In addition, teams should document chosen tradeoffs and maintain clear operational guidance for token handling and permissions. Overall, the demo makes it easier to adopt MCP integrations while reminding engineers to balance convenience with security and flexibility.
Keywords
declarative agent OAuth connection, connect declarative agent to MCP, OAuth protected MCP server setup, MCP server OAuth authentication, declarative agent authentication OAuth, OAuth token configuration for MCP, MCP OAuth integration guide, connect agent to OAuth-protected MCP