fix(microsoft-teams): rename public host to graph-mcp.decocms.com #445

Open: viktormarinho wants to merge 2 commits into main from viktormarinho/teams-mcp-oauth-callback-url

@viktormarinho viktormarinho commented May 22, 2026

Summary

  • Azure AD rejected https://microsoft-teams-mcp.decocms.com/oauth/callback with "Your reply url contains prohibited words or prohibited domains" — the filter blocks brand tokens like microsoft and teams in the host, and the old subdomain contained both
  • Rename the MCP's public host to graph-mcp.decocms.com (references Microsoft Graph without using the trademarked word). Worker name, package name, and log service id are left as microsoft-teams-mcp since those don't affect the URL filter and renaming the worker would orphan the TEAMS_KV binding
  • Updated: wrangler.toml custom-domain route, app.json connection URL, WEBHOOK_URL default in env.ts, and SERVER_PUBLIC_URL fallback in subscriptions.ts

Out-of-repo follow-up

  • Add graph-mcp.decocms.com CNAME in the decocms.com Cloudflare zone (the route in wrangler.toml provisions the custom-domain binding on next wrangler deploy)
  • In the Azure AD app registration: Authentication → Web → register https://graph-mcp.decocms.com/oauth/callback

Test plan

  • wrangler deploy provisions the new custom domain
  • Azure AD accepts https://graph-mcp.decocms.com/oauth/callback as a reply URL
  • "Connect to Microsoft" OAuth flow completes end-to-end on the new host
  • Re-running subscribe_to_channel produces a Graph subscription whose notificationUrl points at the new host, and a test message in that channel fires the teams.message.received trigger

🤖 Generated with Claude Code


Summary by cubic

Renamed the Teams MCP public host to graph-mcp.decocms.com to bypass Azure AD’s reply URL filter. Updated the connection URL, default WEBHOOK_URL, and SERVER_PUBLIC_URL fallback so OAuth and Graph subscriptions use the new domain.

  • Migration
    • Add a graph-mcp.decocms.com CNAME in the decocms.com Cloudflare zone.
    • In Azure AD, add https://graph-mcp.decocms.com/oauth/callback as a reply URL.

Written for commit 2fbd2bd. Summary will update on new commits.
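
A pre-deploy check for the rename described above, added here as an example and not code from this pull request: it scans the four places the PR lists for hosts in the zone and reports any that still differ from the new public host or contain the tokens the PR names. The file contents, URL paths and function names are constructed for illustration; the token list holds only the two words quoted in the PR, not Azure AD's full filter.

```javascript
// Added example. File contents and URL paths below are constructed samples,
// not the repository's real files; one stale fallback is left in on purpose.
const SAMPLE_SOURCES = {
  "wrangler.toml": 'routes = [{ pattern = "graph-mcp.decocms.com", custom_domain = true }]',
  "app.json": '{ "connection": { "url": "https://graph-mcp.decocms.com/mcp" } }',
  "env.ts": 'WEBHOOK_URL: "https://graph-mcp.decocms.com/webhook"',
  "subscriptions.ts":
    'const base = env.SERVER_PUBLIC_URL ?? "https://microsoft-teams-mcp.decocms.com";',
};

// Only the two tokens the PR names; Azure AD's full list is not on the page.
const FLAGGED_TOKENS = ["microsoft", "teams"];

// Return every hostname under `zone` in `text`, with or without a scheme.
function findHosts(text, zone) {
  const escaped = zone.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp(`\\b((?:[a-z0-9-]+\\.)+${escaped})\\b`, "gi");
  return [...text.matchAll(re)].map((m) => m[1].toLowerCase());
}

// Report hosts that differ from the expected public host (a stale reference
// would no longer match the registered reply URL, or would point Graph
// webhooks at the old host) and hosts whose labels contain a flagged token.
function auditPublicHost(sources, expectedHost, zone, tokens = FLAGGED_TOKENS) {
  const findings = [];
  for (const [file, text] of Object.entries(sources)) {
    for (const host of findHosts(text, zone)) {
      const labels = host.slice(0, -(zone.length + 1)); // part left of the zone
      const hits = tokens.filter((t) => labels.includes(t));
      if (host !== expectedHost.toLowerCase()) {
        findings.push({ file, host, problem: "stale-host" });
      }
      if (hits.length > 0) {
        findings.push({ file, host, problem: `flagged-token:${hits.join(",")}` });
      }
    }
  }
  return findings;
}

const findings = auditPublicHost(SAMPLE_SOURCES, "graph-mcp.decocms.com", "decocms.com");
for (const f of findings) console.log(`${f.file}: ${f.host} -> ${f.problem}`);
```

Run against the real file contents in CI, a non-empty result means one of the four locations was missed in the rename.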

Azure AD rejects reply URLs whose host contains brand tokens like
"microsoft" or "teams" with "Your reply url contains prohibited words
or prohibited domains." The old host tripped both. Switch the public
domain to graph-mcp.decocms.com so /oauth/callback can be registered.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment


No issues found across 4 files


Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>