This template is for Azure DevOps Remote MCP Server feedback only.
Important
Internal Microsoft users: Do NOT file issues here. Please use the internal Teams channel to share your feedback.
Issue Type
• [ ] Feedback on Remote MCP Server
• [ ] Bug in Remote MCP Server
• [x] Tool or feature request for Remote MCP Server
Tool(s)
This is not related to a specific tool. This is a new feature request for the Remote MCP Server's authentication layer.
Proposed feature: CLI-compatible authentication mechanism (e.g., PAT-based auth, device code flow, or az cli token passthrough) for the Remote MCP Server
endpoint (https://mcp.dev.azure.com/{organization}).
Description
Requested capability:
The Remote MCP Server currently only supports Microsoft Entra ID OAuth authentication via interactive browser-based flows. This works well in IDE
environments like VS Code and Visual Studio, which have built-in OAuth handling. However, CLI-based MCP clients (e.g., Cortex Code, Claude Code, and other
terminal-based AI assistants) cannot complete the interactive browser OAuth flow, making the Remote MCP Server inaccessible from these environments.
Request: Add support for one or more of the following non-interactive authentication methods:
- Personal Access Token (PAT) via Authorization header (e.g., Basic or Bearer scheme)
- Device code flow -- prompt the user with a URL and code to authenticate in a browser, then continue the session in the CLI
- Azure CLI token passthrough -- allow clients to pass a Bearer token obtained via az account get-access-token
Why this is needed:
• The Remote MCP Server's key value proposition is eliminating local setup complexity, but CLI users are forced to fall back to the local MCP server (npx
@azure-devops/mcp) because the remote endpoint doesn't accept any non-interactive auth method.
• Many developers and AI-assisted workflows operate in terminal environments where browser-based OAuth popups are not feasible.
• PAT authentication is already supported by the local MCP server and the Azure DevOps REST API itself, so extending this to the remote server would be
consistent.
Example scenario:
A developer using Cortex Code CLI configures the remote MCP server:
{
"servers": {
"ado-remote-mcp": {
"url": "https://mcp.dev.azure.com/myorg",
"type": "http",
"headers": {
"Authorization": "Basic <base64-encoded-PAT>"
}
}
}
}
Currently this fails with a connection error because the server does not accept PAT-based authentication. The user must instead set up the local server
with Node.js, negating the benefit of the remote server.
This template is for Azure DevOps Remote MCP Server feedback only.
Important
Internal Microsoft users: Do NOT file issues here. Please use the internal Teams channel to share your feedback.
Issue Type
• [ ] Feedback on Remote MCP Server
• [ ] Bug in Remote MCP Server
• [x] Tool or feature request for Remote MCP Server
Tool(s)
This is not related to a specific tool. This is a new feature request for the Remote MCP Server's authentication layer.
Proposed feature: CLI-compatible authentication mechanism (e.g., PAT-based auth, device code flow, or az cli token passthrough) for the Remote MCP Server
endpoint (https://mcp.dev.azure.com/{organization}).
Description
Requested capability:
The Remote MCP Server currently only supports Microsoft Entra ID OAuth authentication via interactive browser-based flows. This works well in IDE
environments like VS Code and Visual Studio, which have built-in OAuth handling. However, CLI-based MCP clients (e.g., Cortex Code, Claude Code, and other
terminal-based AI assistants) cannot complete the interactive browser OAuth flow, making the Remote MCP Server inaccessible from these environments.
Request: Add support for one or more of the following non-interactive authentication methods:
Why this is needed:
• The Remote MCP Server's key value proposition is eliminating local setup complexity, but CLI users are forced to fall back to the local MCP server (npx
@azure-devops/mcp) because the remote endpoint doesn't accept any non-interactive auth method.
• Many developers and AI-assisted workflows operate in terminal environments where browser-based OAuth popups are not feasible.
• PAT authentication is already supported by the local MCP server and the Azure DevOps REST API itself, so extending this to the remote server would be
consistent.
Example scenario:
A developer using Cortex Code CLI configures the remote MCP server:
Currently this fails with a connection error because the server does not accept PAT-based authentication. The user must instead set up the local server
with Node.js, negating the benefit of the remote server.