gdrive-full-access-mcp

duquesnay/gdrive-full-access-mcp

3.2

If you are the rightful owner of gdrive-full-access-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

A serverless MCP server providing full Google Drive access through OAuth2 authentication, designed for deployment on Scaleway Functions.

Google Drive Full Access MCP Server

A serverless MCP (Model Context Protocol) server providing full Google Drive access through OAuth2 authentication, designed for deployment on Scaleway Functions.

Overview

This project extends the capabilities of the fly_agile_gdrive_mcp local server to provide:

  • OAuth2 Authentication: Personal Google account access (not service accounts)
  • Serverless Deployment: Optimized for Scaleway Functions
  • Multi-tenant Support: Deploy multiple instances for different accounts/folders
  • HTTP Transport: Compatible with web clients (Claude Chat, iOS app, etc.)
  • Full Drive Access: Read/write access to user's entire Drive or specific folders

Key Differences from Local Version

FeatureLocal MCP (fly_agile)Serverless MCP (this)
AuthenticationService AccountOAuth2 (personal)
TransportStdio (local only)HTTP/REST API
DeploymentLocal processScaleway Functions
Multi-tenantSingle instanceMultiple deployments
Client supportClaude Desktop onlyWeb, mobile, any HTTP client

Planned Features

Core Functionality (from fly_agile_gdrive_mcp v1.0.0)

All features from the local version will be available:

Read Operations
  • ✅ List files with filtering and pagination
  • ✅ Search files using Google Drive query syntax
  • ✅ Read file content with automatic format conversion
  • ✅ Get detailed file metadata
Write Operations (Phase 1)
  • ✅ Create new files (Docs, Sheets, Slides)
  • ✅ Upload files from URLs or base64 data
  • ✅ Update existing file content (text files only)
  • ✅ Move files between folders
  • ✅ Rename files
  • ✅ Create new folders

New Serverless Features

Authentication & Security
  • OAuth2 flow with refresh token management
  • Secure token storage (Scaleway Secrets Manager)
  • Per-user authentication and isolation
  • Optional folder-scoped access restrictions
  • API key authentication for client applications
Serverless Optimizations
  • Stateless request handling
  • Efficient cold start optimization
  • Automatic scaling with Scaleway
  • Request/response caching
  • Rate limiting per user
Multi-tenant Architecture
  • Deploy multiple instances with different configs
  • Support for multiple Google accounts
  • Folder-level access isolation
  • Custom domain support per deployment

Deployment Architecture

┌─────────────┐     ┌──────────────┐     ┌─────────────────┐
│   Claude    │────▶│  Scaleway    │────▶│  Google Drive   │
│  Clients    │ HTTP│  Functions   │OAuth│      API        │
└─────────────┘     └──────────────┘     └─────────────────┘
                           │
                    ┌──────▼───────┐
                    │   Secrets    │
                    │   Manager    │
                    └──────────────┘

Use Cases

Personal Drive Access

Deploy for your personal Google account to give Claude access to your documents:

  • Research papers and notes
  • Project documentation
  • Personal knowledge base

Team Folders

Deploy per team/project with folder restrictions:

  • Marketing team instance → Marketing folder only
  • Engineering docs instance → Tech specs folder only
  • Finance instance → Financial reports folder only

Multi-Account Support

Deploy separate instances for different Google accounts:

  • Personal Gmail account
  • Work Google Workspace account
  • Client-specific accounts

Configuration

Each deployment can be configured with:

# scaleway-function-config.yaml
environment:
  ALLOWED_FOLDERS: "folder_id1,folder_id2"  # Optional: restrict access
  OAUTH_CLIENT_ID: "from_google_console"
  OAUTH_CLIENT_SECRET: "@secret:oauth_secret"
  ALLOWED_ORIGINS: "https://claude.ai,https://claude-chat.example.com"
  RATE_LIMIT: "100"  # requests per minute per user

Security Considerations

  • OAuth2 tokens stored securely in Scaleway Secrets Manager
  • No credentials in code or environment variables
  • Per-user rate limiting to prevent abuse
  • Optional IP allowlisting
  • Audit logging for all operations
  • Automatic token refresh handling

Development Roadmap

Phase 1: Core Migration

  • Adapt core logic from fly_agile_gdrive_mcp
  • Implement OAuth2 flow
  • Create HTTP endpoint handlers
  • Add Scaleway deployment configuration

Phase 2: Multi-tenant Features

  • User isolation and session management
  • Folder-scoped access restrictions
  • Per-deployment configuration
  • Custom domain support

Phase 3: Advanced Features

  • Implement caching layer
  • Add batch operations support
  • WebSocket support for real-time updates
  • Advanced search from Phase 2 backlog

License

MIT

Acknowledgments

Based on fly_agile_gdrive_mcp - the local MCP server implementation.