gdrive-full-access-mcp

duquesnay/gdrive-full-access-mcp

3.2

If you are the rightful owner of gdrive-full-access-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

A serverless MCP server providing full Google Drive access through OAuth2 authentication, designed for deployment on Scaleway Functions.

Google Drive Full Access MCP Server

A serverless MCP (Model Context Protocol) server providing full Google Drive access through OAuth2 authentication, designed for deployment on Scaleway Functions.

Overview

This project extends the capabilities of the fly_agile_gdrive_mcp local server to provide:

  • OAuth2 Authentication: Personal Google account access (not service accounts)
  • Serverless Deployment: Optimized for Scaleway Functions
  • Multi-tenant Support: Deploy multiple instances for different accounts/folders
  • HTTP Transport: Compatible with web clients (Claude Chat, iOS app, etc.)
  • Full Drive Access: Read/write access to user's entire Drive or specific folders

Key Differences from Local Version

FeatureLocal MCP (fly_agile)Serverless MCP (this)
AuthenticationService AccountOAuth2 (personal)
TransportStdio (local only)HTTP/REST API
DeploymentLocal processScaleway Functions
Multi-tenantSingle instanceMultiple deployments
Client supportClaude Desktop onlyWeb, mobile, any HTTP client

Planned Features

Core Functionality (from fly_agile_gdrive_mcp v1.0.0)

All features from the local version will be available:

Read Operations
  • βœ… List files with filtering and pagination
  • βœ… Search files using Google Drive query syntax
  • βœ… Read file content with automatic format conversion
  • βœ… Get detailed file metadata
Write Operations (Phase 1)
  • βœ… Create new files (Docs, Sheets, Slides)
  • βœ… Upload files from URLs or base64 data
  • βœ… Update existing file content (text files only)
  • βœ… Move files between folders
  • βœ… Rename files
  • βœ… Create new folders

New Serverless Features

Authentication & Security
  • OAuth2 flow with refresh token management
  • Secure token storage (Scaleway Secrets Manager)
  • Per-user authentication and isolation
  • Optional folder-scoped access restrictions
  • API key authentication for client applications
Serverless Optimizations
  • Stateless request handling
  • Efficient cold start optimization
  • Automatic scaling with Scaleway
  • Request/response caching
  • Rate limiting per user
Multi-tenant Architecture
  • Deploy multiple instances with different configs
  • Support for multiple Google accounts
  • Folder-level access isolation
  • Custom domain support per deployment

Deployment Architecture

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”     β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚   Claude    │────▢│  Scaleway    │────▢│  Google Drive   β”‚
β”‚  Clients    β”‚ HTTPβ”‚  Functions   β”‚OAuthβ”‚      API        β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜     β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                           β”‚
                    β”Œβ”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”
                    β”‚   Secrets    β”‚
                    β”‚   Manager    β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Use Cases

Personal Drive Access

Deploy for your personal Google account to give Claude access to your documents:

  • Research papers and notes
  • Project documentation
  • Personal knowledge base

Team Folders

Deploy per team/project with folder restrictions:

  • Marketing team instance β†’ Marketing folder only
  • Engineering docs instance β†’ Tech specs folder only
  • Finance instance β†’ Financial reports folder only

Multi-Account Support

Deploy separate instances for different Google accounts:

  • Personal Gmail account
  • Work Google Workspace account
  • Client-specific accounts

Configuration

Each deployment can be configured with:

# scaleway-function-config.yaml
environment:
  ALLOWED_FOLDERS: "folder_id1,folder_id2"  # Optional: restrict access
  OAUTH_CLIENT_ID: "from_google_console"
  OAUTH_CLIENT_SECRET: "@secret:oauth_secret"
  ALLOWED_ORIGINS: "https://claude.ai,https://claude-chat.example.com"
  RATE_LIMIT: "100"  # requests per minute per user

Security Considerations

  • OAuth2 tokens stored securely in Scaleway Secrets Manager
  • No credentials in code or environment variables
  • Per-user rate limiting to prevent abuse
  • Optional IP allowlisting
  • Audit logging for all operations
  • Automatic token refresh handling

Development Roadmap

Phase 1: Core Migration

  • Adapt core logic from fly_agile_gdrive_mcp
  • Implement OAuth2 flow
  • Create HTTP endpoint handlers
  • Add Scaleway deployment configuration

Phase 2: Multi-tenant Features

  • User isolation and session management
  • Folder-scoped access restrictions
  • Per-deployment configuration
  • Custom domain support

Phase 3: Advanced Features

  • Implement caching layer
  • Add batch operations support
  • WebSocket support for real-time updates
  • Advanced search from Phase 2 backlog

License

MIT

Acknowledgments

Based on fly_agile_gdrive_mcp - the local MCP server implementation.