Developer builds open-source tool to give AI read-only access to Microsoft Loop safely
A developer has released an open-source tool called loop-reader-mcp that allows AI assistants to read Microsoft Loop pages without bypassing user permissions. The challenge arose because Microsoft Loop lacks a content API and stores data across SharePoint Embedded and OneDrive, while SharePoint Embedded does not accept standard per-user authentication tokens for content retrieval. The solution splits the process into two steps: content discovery runs under the user's identity via Microsoft Graph Search, which automatically trims results to only pages that user can access, while actual retrieval uses an app-level identity gated strictly to items the user personally discovered. This design ensures that authorization decisions are enforced by Microsoft rather than the developer's own code, preventing any user from accessing Loop pages they do not have permission to view. The project is available on GitHub under an MIT license and exposes three read-only tools through a remote Model Context Protocol server.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in