google_workspace_mcp

taylorwilsdon/google_workspace_mcp


The Google Workspace MCP Server is a comprehensive solution for integrating Google Workspace services with AI assistants, providing natural language control over various Google applications.


Google Workspace MCP Server


Full natural language control over Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Tasks, and Chat through all MCP clients, AI assistants and developer tools.

The most feature-complete Google Workspace MCP server, now with Remote OAuth2.1 multi-user support and 1-click Claude installation.

Support for all free Google accounts (Gmail, Docs, Drive etc) & Google Workspace plans (Starter, Standard, Plus, Enterprise, Non Profit) with expanded app options like Chat & Spaces.
Interested in a private cloud instance? That can be arranged.


A quick plug for AI-Enhanced Docs

◆ But why?

This README was written with AI assistance, and here's why that matters

As a solo dev building open source tools, comprehensive documentation often wouldn't happen without AI help. Using agentic dev tools like Roo & Claude Code that understand the entire codebase, AI doesn't just regurgitate generic content - it extracts real implementation details and creates accurate, specific documentation.

In this case, Sonnet 4 took a pass & a human (me) verified them 8/16/25.

Overview

A production-ready MCP server that integrates all major Google Workspace services with AI assistants. It supports both single-user operation and multi-user authentication via OAuth 2.1, making it a powerful backend for custom applications. Built with FastMCP for optimal performance, featuring advanced authentication handling, service caching, and streamlined development patterns.

Simplified Setup: Now uses Google Desktop OAuth clients - no redirect URIs or port configuration needed!

Features

@ Gmail • ≡ Drive • ⧖ Calendar • ≡ Docs

  • Complete Gmail management, end to end coverage
  • Full calendar management with advanced capabilities
  • File operations with Office format support
  • Document creation, editing & comment management
  • Deep, exhaustive support for fine grained editing

≡ Forms • @ Chat • ≡ Sheets • ≡ Slides

  • Form creation, publish settings & response management
  • Space management & messaging capabilities
  • Spreadsheet operations with flexible cell management
  • Presentation creation, updates & content manipulation

⊠ Authentication & Security

  • Advanced OAuth 2.0 & OAuth 2.1 support
  • Automatic token refresh & session management
  • Transport-aware callback handling
  • Multi-user bearer token authentication
  • Innovative CORS proxy architecture

✓ Tasks • ◆ Custom Search • ↻ Transport Support

  • Full support for all MCP Transports
  • OpenAPI compatibility via mcpo
  • Task & task list management with hierarchy
  • Programmable Search Engine (PSE) integration

▶ Quick Start

≡ Quick Reference Card ← Essential commands & configs at a glance

⊠ Credentials

export GOOGLE_OAUTH_CLIENT_ID="..."
export GOOGLE_OAUTH_CLIENT_SECRET="..."

Full setup →

▶ Launch Commands

uvx workspace-mcp --tool-tier core
uv run main.py --tools gmail drive

More options →

★ Tool Tiers

  • ● core - Essential tools
  • ◐ extended - Core + extras
  • ○ complete - Everything

Details →

1. One-Click Claude Desktop Install (Recommended)

  1. Download: Grab the latest google_workspace_mcp.dxt from the “Releases” page
  2. Install: Double-click the file – Claude Desktop opens and prompts you to Install
  3. Configure: In Claude Desktop → Settings → Extensions → Google Workspace MCP, paste your Google OAuth credentials
  4. Use it: Start a new Claude chat and call any Google Workspace tool

Why DXT?

Desktop Extensions (.dxt) bundle the server, dependencies, and manifest so users go from download → working MCP in one click – no terminal, no JSON editing, no version conflicts.

Required Configuration

◆ Environment Variables ← Click to configure in Claude Desktop

Required

| Variable | Purpose |
| --- | --- |
| GOOGLE_OAUTH_CLIENT_ID | OAuth client ID from Google Cloud |
| GOOGLE_OAUTH_CLIENT_SECRET | OAuth client secret |
| OAUTHLIB_INSECURE_TRANSPORT=1 | Development only (allows http:// redirect) |

Optional

| Variable | Purpose |
| --- | --- |
| USER_GOOGLE_EMAIL | Default email for single-user auth |
| GOOGLE_PSE_API_KEY | API key for Custom Search |
| GOOGLE_PSE_ENGINE_ID | Search Engine ID for Custom Search |
| MCP_ENABLE_OAUTH21 | Set to true for OAuth 2.1 support |

Claude Desktop stores these securely in the OS keychain; set them once in the extension pane.



Prerequisites

  • Python 3.10+
  • uvx (for instant installation) or uv (for development)
  • Google Cloud Project with OAuth 2.0 credentials

Configuration

◆ Google Cloud Setup ← OAuth 2.0 credentials & API enablement

1. Create Project

console.cloud.google.com

→ Create new project
→ Note project name

Open Console →

2. OAuth Credentials

APIs & Services → Credentials
→ Create Credentials
→ OAuth Client ID
→ Desktop Application

Download & save credentials

3. Enable APIs

APIs & Services → Library

Search & enable:
Calendar, Drive, Gmail,
Docs, Sheets, Slides,
Forms, Tasks, Chat, Search

See quick links below

≡ OAuth Credential Setup Guide ← Step-by-step instructions

Complete Setup Process:

  1. Create OAuth 2.0 Credentials - Visit Google Cloud Console

    • Create a new project (or use existing)
    • Navigate to APIs & Services → Credentials
    • Click Create Credentials → OAuth Client ID
    • Choose Desktop Application as the application type (no redirect URIs needed!)
    • Download credentials and note the Client ID and Client Secret
  2. Enable Required APIs - In APIs & Services → Library

    • Search for and enable each required API
    • Or use the quick links below for one-click enabling
  3. Configure Environment - Set your credentials:

    export GOOGLE_OAUTH_CLIENT_ID="your-client-id"
    export GOOGLE_OAUTH_CLIENT_SECRET="your-secret"
    

≡ Full Documentation →

⊥ Quick API Enable Links ← One-click enable each Google API

You can enable each one by clicking the links below (make sure you're logged into the Google Cloud Console and have the correct project selected):

  1. Credentials: See Credential Configuration for detailed setup options

  2. Environment Configuration:

◆ Environment Variables ← Configure your runtime environment

◆ Development Mode

export OAUTHLIB_INSECURE_TRANSPORT=1

Allows HTTP redirect URIs

@ Default User

export USER_GOOGLE_EMAIL=your.email@gmail.com

Single-user authentication

◆ Custom Search

export GOOGLE_PSE_API_KEY=xxx
export GOOGLE_PSE_ENGINE_ID=yyy

Optional: Search API setup

  3. Server Configuration:

◆ Server Settings ← Customize ports, URIs & proxies

◆ Base Configuration

export WORKSPACE_MCP_BASE_URI=http://localhost
export WORKSPACE_MCP_PORT=8000

Server URL & port settings

↻ Proxy Support

export MCP_ENABLE_OAUTH21=true

Leverage multi-user OAuth2.1 clients

@ Default Email

export USER_GOOGLE_EMAIL=your.email@gmail.com

Skip email in auth flows in single user mode

≡ Configuration Details ← Learn more about each setting

| Variable | Description | Default |
| --- | --- | --- |
| WORKSPACE_MCP_BASE_URI | Base server URI (no port) | http://localhost |
| WORKSPACE_MCP_PORT | Server listening port | 8000 |
| GOOGLE_OAUTH_REDIRECT_URI | Override OAuth callback URL | Auto-constructed |
| USER_GOOGLE_EMAIL | Default auth email | None |

Google Custom Search Setup

◆ Custom Search Configuration ← Enable web search capabilities

1. Create Search Engine

programmablesearchengine.google.com/controlpanel/create

→ Configure sites or entire web
→ Note your Engine ID (cx)

Open Control Panel →

2. Get API Key

developers.google.com/custom-search/v1/overview

→ Create/select project
→ Enable Custom Search API
→ Create credentials (API Key)

Get API Key →

3. Set Variables

export GOOGLE_PSE_API_KEY="your-api-key"
export GOOGLE_PSE_ENGINE_ID="your-engine-id"

Configure in environment

≡ Quick Setup Guide ← Step-by-step instructions

Complete Setup Process:

  1. Create Search Engine - Visit the Control Panel

    • Choose "Search the entire web" or specify sites
    • Copy the Search Engine ID (looks like: 017643444788157684527:6ivsjbpxpqw)
  2. Enable API & Get Key - Visit Google Developers Console

    • Enable "Custom Search API" in your project
    • Create credentials → API Key
    • Restrict key to Custom Search API (recommended)
  3. Configure Environment - Add to your shell or .env:

    export GOOGLE_PSE_API_KEY="AIzaSy..."
    export GOOGLE_PSE_ENGINE_ID="01764344478..."
    

≡ Full Documentation →

Start the Server

▶ Launch Commands ← Choose your startup mode

▶ Quick Start

uv run main.py

Default stdio mode

◆ HTTP Mode

uv run main.py \
  --transport streamable-http

Web interfaces & debugging

@ Single User

uv run main.py \
  --single-user

Simplified authentication

◆ Advanced Options ← Tool selection, tiers & Docker

▶ Selective Tool Loading

# Load specific services only
uv run main.py --tools gmail drive calendar
uv run main.py --tools sheets docs

# Combine with other flags
uv run main.py --single-user --tools gmail

★ Tool Tiers

uv run main.py --tool-tier core      # ● Essential tools only
uv run main.py --tool-tier extended  # ◐ Core + additional
uv run main.py --tool-tier complete  # ○ All available tools

◆ Docker Deployment

docker build -t workspace-mcp .
docker run -p 8000:8000 -v "$(pwd)":/app \
  workspace-mcp --transport streamable-http

Available Services: gmail • drive • calendar • docs • sheets • forms • tasks • chat • search

Tool Tiers

The server organizes tools into three progressive tiers for simplified deployment. Choose a tier that matches your usage needs and API quota requirements.

Available Tiers

● Core (--tool-tier core) Essential tools for everyday tasks. Perfect for light usage with minimal API quotas. Includes search, read, create, and basic modify operations across all services.

● Extended (--tool-tier extended) Core functionality plus management tools. Adds labels, folders, batch operations, and advanced search. Ideal for regular usage with moderate API needs.

● Complete (--tool-tier complete) Full API access including comments, headers/footers, publishing settings, and administrative functions. For power users needing maximum functionality.

Important Notes

▶ Start with core and upgrade as needed
▶ Tiers are cumulative – each includes all previous
▶ Mix and match with --tools for specific services
▶ Configuration in core/tool_tiers.yaml
▶ Authentication included in all tiers

Usage Examples
# Basic tier selection
uv run main.py --tool-tier core                            # Start with essential tools only
uv run main.py --tool-tier extended                        # Expand to include management features
uv run main.py --tool-tier complete                        # Enable all available functionality

# Selective service loading with tiers
uv run main.py --tools gmail drive --tool-tier core        # Core tools for specific services
uv run main.py --tools gmail --tool-tier extended          # Extended Gmail functionality only
uv run main.py --tools docs sheets --tool-tier complete    # Full access to Docs and Sheets

📋 Credential Configuration

🔑 OAuth Credentials Setup ← Essential for all installations

🚀 Environment Variables

export GOOGLE_OAUTH_CLIENT_ID="your-client-id"
export GOOGLE_OAUTH_CLIENT_SECRET="your-secret"

Best for production

File-based

# Download & place in project root
client_secret.json

# Or specify custom path
export GOOGLE_CLIENT_SECRET_PATH=/path/to/secret.json

Traditional method

⚡ .env File

cp .env.oauth21 .env
# Edit .env with credentials

Best for development

📖 Credential Loading Details ← Understanding priority & best practices

Loading Priority

  1. Environment variables (export VAR=value)
  2. .env file in project root
  3. client_secret.json via GOOGLE_CLIENT_SECRET_PATH
  4. Default client_secret.json in project root
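
The loading priority above, as an added example that is not the project's own code: a resolver that reports which source supplied the client credentials, useful when a rotated secret does not seem to take effect. The minimal .env parser and the rule that a source counts only when it holds both values are assumptions; the file contents are constructed.

```python
import json
import tempfile
from pathlib import Path

ID_KEY = "GOOGLE_OAUTH_CLIENT_ID"
SECRET_KEY = "GOOGLE_OAUTH_CLIENT_SECRET"


def parse_dotenv(text):
    """Minimal KEY=VALUE reader: skips blanks and comments, strips 'export ' and quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.removeprefix("export ").strip()] = value.strip().strip("\"'")
    return values


def read_client_secret_json(path):
    """Google's downloaded file nests the pair under 'installed' (desktop) or 'web'."""
    data = json.loads(Path(path).read_text())
    section = data.get("installed") or data.get("web") or {}
    return section.get("client_id"), section.get("client_secret")


def resolve_credentials(env, project_root):
    """Return (source, client_id, client_secret) from the first source holding both values."""
    root = Path(project_root)
    sources = [("environment", (env.get(ID_KEY), env.get(SECRET_KEY)))]
    dotenv = root / ".env"
    if dotenv.is_file():
        values = parse_dotenv(dotenv.read_text())
        sources.append((".env", (values.get(ID_KEY), values.get(SECRET_KEY))))
    custom = env.get("GOOGLE_CLIENT_SECRET_PATH")
    if custom and Path(custom).is_file():
        sources.append(("GOOGLE_CLIENT_SECRET_PATH", read_client_secret_json(custom)))
    default = root / "client_secret.json"
    if default.is_file():
        sources.append(("client_secret.json", read_client_secret_json(default)))
    for source, (client_id, secret) in sources:
        # Assumption: a source only counts when it supplies both values.
        if client_id and secret:
            return source, client_id, secret
    raise LookupError("no OAuth client credentials found")


def demo():
    """Constructed files and values: a stale .env shadows a freshly rotated JSON file."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, ".env").write_text(
            f'{ID_KEY}="old-id"\n{SECRET_KEY}="old-secret"\n')
        Path(root, "client_secret.json").write_text(json.dumps(
            {"installed": {"client_id": "new-id", "client_secret": "new-secret"}}))
        shadowed = resolve_credentials({}, root)  # .env wins over the JSON file
        from_env = resolve_credentials(
            {ID_KEY: "env-id", SECRET_KEY: "env-secret"}, root)
        Path(root, ".env").unlink()
        from_file = resolve_credentials({}, root)
    return shadowed, from_env, from_file


if __name__ == "__main__":
    for source, client_id, _ in demo():
        print(f"{source}: {client_id}")
```
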

Why Environment Variables?

  • ✅ Docker/K8s ready - Native container support
  • ✅ Cloud platforms - Heroku, Railway, Vercel
  • ✅ CI/CD pipelines - GitHub Actions, Jenkins
  • ✅ No secrets in git - Keep credentials secure
  • ✅ Easy rotation - Update without code changes

🧰 Available Tools

Note: All tools support automatic authentication via @require_google_service() decorators with 30-minute service caching.

📅 Google Calendar

| Tool | Tier | Description |
| --- | --- | --- |
| list_calendars | Core | List accessible calendars |
| get_events | Core | Retrieve events with time range filtering |
| create_event | Core | Create events with attachments & reminders |
| modify_event | Core | Update existing events |
| delete_event | Extended | Remove events |

Google Drive

| Tool | Tier | Description |
| --- | --- | --- |
| search_drive_files | Core | Search files with query syntax |
| get_drive_file_content | Core | Read file content (Office formats) |
| list_drive_items | Extended | List folder contents |
| create_drive_file | Core | Create files or fetch from URLs |

📧 Gmail

| Tool | Tier | Description |
| --- | --- | --- |
| search_gmail_messages | Core | Search with Gmail operators |
| get_gmail_message_content | Core | Retrieve message content |
| get_gmail_messages_content_batch | Core | Batch retrieve message content |
| send_gmail_message | Core | Send emails |
| get_gmail_thread_content | Extended | Get full thread content |
| modify_gmail_message_labels | Extended | Modify message labels |
| list_gmail_labels | Extended | List available labels |
| manage_gmail_label | Extended | Create/update/delete labels |
| draft_gmail_message | Extended | Create drafts |
| get_gmail_threads_content_batch | Complete | Batch retrieve thread content |
| batch_modify_gmail_message_labels | Complete | Batch modify labels |
| start_google_auth | Complete | Initialize authentication |

Google Docs

| Tool | Tier | Description |
| --- | --- | --- |
| get_doc_content | Core | Extract document text |
| create_doc | Core | Create new documents |
| modify_doc_text | Core | Modify document text |
| search_docs | Extended | Find documents by name |
| find_and_replace_doc | Extended | Find and replace text |
| list_docs_in_folder | Extended | List docs in folder |
| insert_doc_elements | Extended | Add tables, lists, page breaks |
| insert_doc_image | Complete | Insert images from Drive/URLs |
| update_doc_headers_footers | Complete | Modify headers and footers |
| batch_update_doc | Complete | Execute multiple operations |
| inspect_doc_structure | Complete | Analyze document structure |
| create_table_with_data | Complete | Create data tables |
| debug_table_structure | Complete | Debug table issues |
| *_document_comments | Complete | Read, Reply, Create, Resolve |

📊 Google Sheets

| Tool | Tier | Description |
| --- | --- | --- |
| read_sheet_values | Core | Read cell ranges |
| modify_sheet_values | Core | Write/update/clear cells |
| create_spreadsheet | Core | Create new spreadsheets |
| list_spreadsheets | Extended | List accessible spreadsheets |
| get_spreadsheet_info | Extended | Get spreadsheet metadata |
| create_sheet | Complete | Add sheets to existing files |
| *_sheet_comment | Complete | Read/create/reply/resolve comments |

🖼️ Google Slides

| Tool | Tier | Description |
| --- | --- | --- |
| create_presentation | Core | Create new presentations |
| get_presentation | Core | Retrieve presentation details |
| batch_update_presentation | Extended | Apply multiple updates |
| get_page | Extended | Get specific slide information |
| get_page_thumbnail | Extended | Generate slide thumbnails |
| *_presentation_comment | Complete | Read/create/reply/resolve comments |

Google Forms

| Tool | Tier | Description |
| --- | --- | --- |
| create_form | Core | Create new forms |
| get_form | Core | Retrieve form details & URLs |
| set_publish_settings | Complete | Configure form settings |
| get_form_response | Complete | Get individual responses |
| list_form_responses | Extended | List all responses with pagination |

✓ Google Tasks

| Tool | Tier | Description |
| --- | --- | --- |
| list_tasks | Core | List tasks with filtering |
| get_task | Core | Retrieve task details |
| create_task | Core | Create tasks with hierarchy |
| update_task | Core | Modify task properties |
| delete_task | Extended | Remove tasks |
| move_task | Complete | Reposition tasks |
| clear_completed_tasks | Complete | Hide completed tasks |
| *_task_list | Complete | List/get/create/update/delete task lists |

💬 Google Chat

| Tool | Tier | Description |
| --- | --- | --- |
| list_spaces | Extended | List chat spaces/rooms |
| get_messages | Core | Retrieve space messages |
| send_message | Core | Send messages to spaces |
| search_messages | Core | Search across chat history |

Google Custom Search

| Tool | Tier | Description |
| --- | --- | --- |
| search_custom | Core | Perform web searches |
| get_search_engine_info | Complete | Retrieve search engine metadata |
| search_custom_siterestrict | Extended | Search within specific domains |

Tool Tier Legend:

  • Core: Essential tools for basic functionality • Minimal API usage • Getting started
  • Extended: Core tools + additional features • Regular usage • Expanded capabilities
  • Complete: All available tools including advanced features • Power users • Full API access

Connect to Claude Desktop

The server supports two transport modes:

Stdio Mode (Default - Recommended for Claude Desktop)

In general, you should use the one-click DXT installer package for Claude Desktop. If you are unable to for some reason, you can configure it manually via claude_desktop_config.json.

Manual Claude Configuration (Alternative)

Claude Desktop JSON Config ← Click for manual setup instructions

  1. Open Claude Desktop Settings → Developer → Edit Config

    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
    • Windows: %APPDATA%\Claude\claude_desktop_config.json
  2. Add the server configuration:

{
  "mcpServers": {
    "google_workspace": {
      "command": "uvx",
      "args": ["workspace-mcp"],
      "env": {
        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id",
        "GOOGLE_OAUTH_CLIENT_SECRET": "your-secret",
        "OAUTHLIB_INSECURE_TRANSPORT": "1"
      }
    }
  }
}

2. Advanced / Cross-Platform Installation

If you’re developing, deploying to servers, or using another MCP-capable client, keep reading.

Instant CLI (uvx)

⚡ Quick Start with uvx ← No installation required!

# Requires Python 3.10+ and uvx
# First, set credentials (see Credential Configuration above)
uvx workspace-mcp --tool-tier core  # or --tools gmail drive calendar

Note: Configure OAuth credentials before running. Supports environment variables, .env file, or client_secret.json.

OAuth 2.1 Support (Multi-User Bearer Token Authentication)

The server includes OAuth 2.1 support for bearer token authentication, enabling multi-user session management. OAuth 2.1 automatically reuses your existing GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET credentials - no additional configuration needed!

When to use OAuth 2.1:

  • Multiple users accessing the same MCP server instance
  • Need for bearer token authentication instead of passing user emails
  • Building web applications or APIs on top of the MCP server
  • Production environments requiring secure session management
  • Browser-based clients requiring CORS support

Enabling OAuth 2.1: To enable OAuth 2.1, set the MCP_ENABLE_OAUTH21 environment variable to true.

# OAuth 2.1 requires HTTP transport mode
export MCP_ENABLE_OAUTH21=true
uv run main.py --transport streamable-http

If MCP_ENABLE_OAUTH21 is not set to true, the server will use legacy authentication, which is suitable for clients that do not support OAuth 2.1.

Innovative CORS Proxy Architecture ← Advanced OAuth 2.1 details

This implementation solves two critical challenges when using Google OAuth in browser environments:

  1. Dynamic Client Registration: Google doesn't support OAuth 2.1 dynamic client registration. Our server provides a clever proxy that accepts any client registration request and returns the pre-configured Google OAuth credentials, allowing standards-compliant clients to work seamlessly.

  2. CORS Issues: Google's OAuth endpoints don't include CORS headers, blocking browser-based clients. We implement intelligent proxy endpoints that:

  • Proxy authorization server discovery requests through /auth/discovery/authorization-server/{server}
  • Proxy token exchange requests through /oauth2/token
  • Add proper CORS headers to all responses
  • Maintain security by only proxying to known Google OAuth endpoints

This architecture enables any OAuth 2.1 compliant client to authenticate users through Google, even from browser environments, without requiring changes to the client implementation.
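
The "only proxy to known Google OAuth endpoints" rule and the CORS origin check, as an added example that is not the project's own code. The two host names are Google's public OAuth hosts and are an assumption about what the allowlist contains; the origin list is the comma-separated format the page gives for OAUTH_ALLOWED_ORIGINS, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist: Google's public OAuth 2.0 hosts. The project's own list
# may differ; these names are not taken from the page.
ALLOWED_UPSTREAM_HOSTS = frozenset({"accounts.google.com", "oauth2.googleapis.com"})


def is_allowed_upstream(url):
    """True only for https URLs whose host is exactly on the allowlist."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo before '@' is not the host being contacted
    if port not in (None, 443):
        return False
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    return host in ALLOWED_UPSTREAM_HOSTS  # exact match, never a suffix or substring test


def cors_headers(origin, allowed_origins_csv):
    """Echo the request Origin only when it is on the configured list."""
    allowed = {o.strip().rstrip("/") for o in allowed_origins_csv.split(",") if o.strip()}
    if origin and origin in allowed:
        # Vary tells caches that the response depends on the Origin header.
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


# Constructed sample targets for the proxy check.
SAMPLE_URLS = [
    "https://oauth2.googleapis.com/token",
    "https://accounts.google.com.other.example/token",
    "https://accounts.google.com@other.example/token",
    "http://oauth2.googleapis.com/token",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print("forward" if is_allowed_upstream(url) else "reject ", url)
```
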

MCP Inspector: No additional configuration needed with desktop OAuth client.

Claude Code Inspector: No additional configuration needed with desktop OAuth client.

VS Code MCP Client Support

🆚 VS Code Configuration ← Setup for VS Code MCP extension

{
    "servers": {
        "google-workspace": {
            "url": "http://localhost:8000/mcp/",
            "type": "http"
        }
    }
}

Reverse Proxy Setup

If you're running the MCP server behind a reverse proxy (nginx, Apache, Cloudflare, etc.), you'll need to configure GOOGLE_OAUTH_REDIRECT_URI to match your external URL:

Problem: When behind a reverse proxy, the server constructs redirect URIs using internal ports (e.g., http://localhost:8000/oauth2callback) but Google expects the external URL (e.g., https://your-domain.com/oauth2callback).

You also have options for:

  • OAUTH_CUSTOM_REDIRECT_URIS (optional): Comma-separated list of additional redirect URIs
  • OAUTH_ALLOWED_ORIGINS (optional): Comma-separated list of additional CORS origins

Solution: Set GOOGLE_OAUTH_REDIRECT_URI to your external URL:

# External URL without port (nginx/Apache handling HTTPS)
export GOOGLE_OAUTH_REDIRECT_URI="https://your-domain.com/oauth2callback"

# Or with custom port if needed
export GOOGLE_OAUTH_REDIRECT_URI="https://your-domain.com:8443/oauth2callback"

Important:

  • The redirect URI must exactly match what's configured in your Google Cloud Console
  • The server will use this value for all OAuth flows instead of constructing it from WORKSPACE_MCP_BASE_URI and WORKSPACE_MCP_PORT
  • Your reverse proxy must forward /oauth2callback requests to the MCP server

🚀 Advanced uvx Commands ← More startup options

# Configure credentials first (see Credential Configuration section)

# Start with specific tools only
uvx workspace-mcp --tools gmail drive calendar tasks

# Start with tool tiers (recommended for most users)
uvx workspace-mcp --tool-tier core      # Essential tools
uvx workspace-mcp --tool-tier extended  # Core + additional features
uvx workspace-mcp --tool-tier complete  # All tools

# Start in HTTP mode for debugging
uvx workspace-mcp --transport streamable-http

Requires Python 3.10+ and uvx. The package is available on PyPI.

Development Installation

For development or customization:

git clone https://github.com/taylorwilsdon/google_workspace_mcp.git
cd google_workspace_mcp
uv run main.py

Development Installation (For Contributors):

🔧 Developer Setup JSON ← For contributors & customization

{
  "mcpServers": {
    "google_workspace": {
      "command": "uv",
      "args": [
        "run",
        "--directory",
        "/path/to/repo/google_workspace_mcp",
        "main.py"
      ],
      "env": {
        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id",
        "GOOGLE_OAUTH_CLIENT_SECRET": "your-secret",
        "OAUTHLIB_INSECURE_TRANSPORT": "1"
      }
    }
  }
}

HTTP Mode (For debugging or web interfaces)

If you need to use HTTP mode with Claude Desktop:

{
  "mcpServers": {
    "google_workspace": {
      "command": "npx",
      "args": ["mcp-remote", "http://localhost:8000/mcp"]
    }
  }
}

Note: Make sure to start the server with --transport streamable-http when using HTTP mode.

First-Time Authentication

The server uses Google Desktop OAuth for simplified authentication:

  • No redirect URIs needed: Desktop OAuth clients handle authentication without complex callback URLs
  • Automatic flow: The server manages the entire OAuth process transparently
  • Transport-agnostic: Works seamlessly in both stdio and HTTP modes

When calling a tool:

  1. Server returns authorization URL
  2. Open URL in browser and authorize
  3. Google provides an authorization code
  4. Paste the code when prompted (or it's handled automatically)
  5. Server completes authentication and retries your request

◆ Development

Project Structure

google_workspace_mcp/
├── auth/              # Authentication system with decorators
├── core/              # MCP server and utilities
├── g{service}/        # Service-specific tools
├── main.py            # Server entry point
├── client_secret.json # OAuth credentials (not committed)
└── pyproject.toml     # Dependencies

Adding New Tools

from auth.service_decorator import require_google_service

@require_google_service("drive", "drive_read")  # Service + scope group
async def your_new_tool(service, param1: str, param2: int = 10):
    """Tool description"""
    # service is automatically injected and cached
    result = service.files().list().execute()
    return result  # Return native Python objects

Architecture Highlights

  • Service Caching: 30-minute TTL reduces authentication overhead
  • Scope Management: Centralized in SCOPE_GROUPS for easy maintenance
  • Error Handling: Native exceptions instead of manual error construction
  • Multi-Service Support: @require_multiple_services() for complex tools

⊠ Security

  • Credentials: Never commit .env, client_secret.json or the .credentials/ directory to source control!
  • OAuth Callback: Uses http://localhost:8000/oauth2callback for development (requires OAUTHLIB_INSECURE_TRANSPORT=1)
  • Transport-Aware Callbacks: Stdio mode starts a minimal HTTP server only for OAuth, ensuring callbacks work in all modes
  • Production: Use HTTPS & OAuth 2.1 and configure accordingly
  • Network Exposure: Consider authentication when using mcpo over networks
  • Scope Minimization: Tools request only necessary permissions
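
A pre-launch check of the settings this list and the Reverse Proxy Setup section describe, as an added example that is not the project's own code. The redirect URI construction follows the README's description (override, else base URI plus port plus /oauth2callback); the finding codes and the sample environments are constructed for illustration.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def effective_redirect_uri(env):
    """Explicit override if set, otherwise base URI + port + /oauth2callback."""
    override = env.get("GOOGLE_OAUTH_REDIRECT_URI")
    if override:
        return override
    base = env.get("WORKSPACE_MCP_BASE_URI", "http://localhost").rstrip("/")
    port = env.get("WORKSPACE_MCP_PORT", "8000")
    return f"{base}:{port}/oauth2callback"


def audit(env):
    """Return (redirect_uri, [finding codes]) for one environment mapping."""
    uri = effective_redirect_uri(env)
    parts = urlsplit(uri)
    loopback = (parts.hostname or "") in LOOPBACK_HOSTS
    insecure = env.get("OAUTHLIB_INSECURE_TRANSPORT") == "1"
    oauth21 = env.get("MCP_ENABLE_OAUTH21", "").lower() == "true"
    findings = []
    if parts.scheme != "https" and not loopback:
        # The authorization code would cross the network unencrypted.
        findings.append("plain-http-callback")
    if insecure and not loopback:
        # Development-only switch left on for a non-local deployment.
        findings.append("insecure-transport-set")
    if parts.scheme == "http" and loopback and not insecure:
        # README: the local http callback requires the development switch.
        findings.append("insecure-transport-missing")
    if not loopback and not oauth21:
        # README: production should use HTTPS and OAuth 2.1.
        findings.append("legacy-auth")
    return uri, findings


# Constructed environments, not taken from a real deployment.
SAMPLES = {
    "dev": {"OAUTHLIB_INSECURE_TRANSPORT": "1"},
    "exposed": {"WORKSPACE_MCP_BASE_URI": "http://mcp.internal.example",
                "OAUTHLIB_INSECURE_TRANSPORT": "1"},
    "proxied": {"GOOGLE_OAUTH_REDIRECT_URI": "https://your-domain.com/oauth2callback",
                "MCP_ENABLE_OAUTH21": "true"},
}

if __name__ == "__main__":
    for name, env in SAMPLES.items():
        uri, findings = audit(env)
        print(f"{name}: {uri} -> {findings or 'ok'}")
```
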

◆ Integration with Open WebUI

◆ Open WebUI Integration ← Connect to Open WebUI as tool provider

▶ Instant Start (No Config)

# Set credentials & launch in one command
GOOGLE_OAUTH_CLIENT_ID="your_id" \
GOOGLE_OAUTH_CLIENT_SECRET="your_secret" \
uvx mcpo --port 8000 --api-key "secret" \
-- uvx workspace-mcp

◆ Manual Configuration

  1. Create config.json:

{
  "mcpServers": {
    "google_workspace": {
      "type": "streamablehttp",
      "url": "http://localhost:8000/mcp"
    }
  }
}

  2. Start MCPO:

mcpo --port 8001 --config config.json

≡ Configure Open WebUI

  1. Navigate to Settings → Connections → Tools
  2. Click Add Tool and enter:
    • Server URL: http://localhost:8001/google_workspace
    • API Key: Your mcpo --api-key (if set)
  3. Save - Google Workspace tools are now available!

≡ License

MIT License - see LICENSE file for details.

