4.1 KiB
4.1 KiB
Outlook Manual Setup Guide
Use this guide if you prefer manual setup via Azure Portal, or if the automated setup fails.
Prerequisites
- Microsoft account (Outlook.com, Hotmail, Live, or Microsoft 365)
- Access to Azure Portal
jqinstalled (sudo apt install jq)
Step 1: Create Azure App Registration
- Go to https://portal.azure.com
- Search for "App registrations" → Click it
- Click "+ New registration"
- Configure:
- Name:
Clawdbot-Outlook(or any name) - Supported account types: "Accounts in any organizational directory and personal Microsoft accounts"
- Redirect URI: Platform = Web, URI =
http://localhost
- Name:
- Click Register
Step 2: Get Client Credentials
After registration:
- On the app overview page, copy the Application (client) ID → This is your
CLIENT_ID - Go to Certificates & secrets in the left menu
- Click + New client secret
- Add a description (e.g., "clawdbot") and choose expiration
- Click Add
- Immediately copy the Value (not the ID) → This is your
CLIENT_SECRET- ⚠️ You can only see this once!
Step 3: Configure API Permissions
- Go to API permissions in the left menu
- Click + Add a permission
- Select Microsoft Graph → Delegated permissions
- Add these permissions:
Mail.ReadWrite- Read and write mailMail.Send- Send mailCalendars.ReadWrite- Read and write calendarUser.Read- Read user profile
- Click Add permissions
Note: offline_access is requested during auth, not configured here.
Step 4: Save Configuration
Create the config directory and files:
mkdir -p ~/.outlook-mcp
Create ~/.outlook-mcp/config.json:
{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET"
}
Secure the file:
chmod 600 ~/.outlook-mcp/config.json
Step 5: Authorize the App
Build the authorization URL (replace YOUR_CLIENT_ID):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=http://localhost&scope=https://graph.microsoft.com/Mail.ReadWrite%20https://graph.microsoft.com/Mail.Send%20https://graph.microsoft.com/Calendars.ReadWrite%20offline_access&response_mode=query
- Open the URL in a browser
- Sign in with your Microsoft account
- Grant the requested permissions
- You'll be redirected to
http://localhost?code=XXXXX... - Copy the
codevalue from the URL (everything aftercode=until&or end)
Step 6: Exchange Code for Tokens
CLIENT_ID="your-client-id"
CLIENT_SECRET="your-client-secret"
AUTH_CODE="the-code-from-step-5"
curl -s -X POST "https://login.microsoftonline.com/common/oauth2/v2.0/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&code=$AUTH_CODE&redirect_uri=http://localhost&grant_type=authorization_code&scope=https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/Mail.Send https://graph.microsoft.com/Calendars.ReadWrite offline_access" \
> ~/.outlook-mcp/credentials.json
chmod 600 ~/.outlook-mcp/credentials.json
Step 7: Verify Setup
ACCESS_TOKEN=$(jq -r '.access_token' ~/.outlook-mcp/credentials.json)
curl -s "https://graph.microsoft.com/v1.0/me/mailFolders/inbox" \
-H "Authorization: Bearer $ACCESS_TOKEN" | jq '{total: .totalItemCount, unread: .unreadItemCount}'
You should see your inbox statistics.
Troubleshooting
"AADSTS700016: Application not found"
- Double-check the client_id is correct
- Ensure you selected "Accounts in any organizational directory and personal Microsoft accounts"
"AADSTS7000218: Invalid client secret"
- Client secrets can only be viewed once - create a new one if lost
"AADSTS65001: User hasn't consented"
- Re-run the authorization step (Step 5)
- Make sure you click "Accept" on the consent screen
"Token expired"
- Access tokens last ~1 hour
- Run
./scripts/outlook-token.sh refreshto get a new one
Work/School Account Issues
- Your organization may require admin consent
- Contact your IT admin or use a personal Microsoft account