google-workspace-mcp

google-workspace-mcp

Enables multi-user access to Google Workspace services (Gmail, Calendar, Docs, Sheets, Slides, Drive) via remote MCP with OAuth 2.1 authentication.

Category
Visit Server

README

google-workspace-mcp (deploy)

Deployment for the workspace-mcp server (Gmail / Calendar / Docs / Sheets / Slides / Drive) as a remote, multi-user MCP server in OAuth 2.1 mode for a single Google Workspace organization.

One Google OAuth "Internal" app serves everyone: each user connects the remote MCP once, authorises with their corporate Google account, and the server stores their personal refresh token under the data/ volume. Users only click "Authorize"; the app credentials (client_id/client_secret) identify the app, not the user.

The whole application is the pinned upstream workspace-mcp package baked into an image; there is no first-party code here. Upgrade by bumping the == pin in requirements.txt.

Prerequisites

1. Google Cloud — Internal OAuth app (once)

  • Create a project in your Workspace organization (so User type: Internal is available — this removes the CASA/verification and 100-user limits).
  • Enable the APIs you need (Drive, Docs, Sheets, Gmail, Calendar, …).
  • OAuth consent screen → User type: Internal; add the required scopes (prefer the narrowest, e.g. drive.file over full drive when it suffices).
  • Create an OAuth client → Web application. Add the Authorized redirect URI: https://<WORKSPACE_DOMAIN>/oauth2callback
  • Copy the client id/secret into .env.
  • Optional: an admin can mark this OAuth client Trusted in the Admin Console (Security → API controls → App access control) so users skip the consent screen.

2. Host — Traefik + DNS (see the org's Traefik guide)

  • DNS A-record <WORKSPACE_DOMAIN> → the host's public IP.
  • Router/NAT: forward both 80 and 443 (80 is needed for the ACME HTTP-01 challenge and the http→https redirect).
  • Traefik stack must have the letsEncrypt resolver and a global http→https redirect. Without it, plain http returns 404 and the cert will not issue.
  • A shared external Docker network docker_main_net must exist (Traefik lives on it). make net creates it if missing, and make up calls it automatically.

Configure & run

make env          # create .env from .env.example
# edit .env:
#   GOOGLE_OAUTH_CLIENT_ID=...apps.googleusercontent.com
#   GOOGLE_OAUTH_CLIENT_SECRET=...
#   WORKSPACE_DOMAIN=mcp.example.com
make config       # validate compose + .env substitution
make up           # start (image pulled from ghcr.io, published via Traefik)
make logs         # follow logs

make help lists all targets (env, config, build, pull, net, up, down, restart, logs).

How users connect

Add the remote MCP connector URL in the client (e.g. Claude):

https://<WORKSPACE_DOMAIN>/mcp

On first use the user is redirected to the Google consent screen (their corporate account) and then works against their own Drive/Gmail/etc. If the OAuth client is marked Trusted, no consent screen appears.

Environment variables

Variable Where Meaning
GOOGLE_OAUTH_CLIENT_ID .env OAuth client id of the Internal app
GOOGLE_OAUTH_CLIENT_SECRET .env OAuth client secret
WORKSPACE_DOMAIN .env Public host; drives WORKSPACE_EXTERNAL_URL and the Traefik router
MCP_ENABLE_OAUTH21 compose true — multi-user OAuth 2.1 mode
WORKSPACE_MCP_HOST / WORKSPACE_MCP_PORT compose bind 0.0.0.0:8000
WORKSPACE_MCP_CREDENTIALS_DIR compose per-user token dir under /app/data
IMAGE .env (optional) Full ghcr.io image path; must equal your GitHub repo path

Upgrading the server

Bump the pin in requirements.txt (e.g. workspace-mcp==1.22.0 → newer), push to main; CI smoke-tests, builds and pushes :latest, and watchtower redeploys.

Claude Code & CIMD

Claude Code 2.1.x is CIMD-first: if the server advertised client_id_metadata_document_supported, Claude would send client_id=https://claude.ai/oauth/claude-code-client-metadata, which this server cannot fetch through Cloudflare (302 to datacenter IPs) → 400 "unregistered client". So the image applies a build-time patch (patches/disable_cimd.py) that disables CIMD; Claude Code then uses Dynamic Client Registration (DCR), which works here.

  • Toggle with WORKSPACE_MCP_ENABLE_CIMD (default false = CIMD off).
  • A workspace-mcp version bump may require updating the patch — the build fails loudly if the upstream call site changed (see patches/README.md).

Security notes

  • The data/ volume holds every user's Google refresh token — a high-value target. Restrict host access, back it up carefully, and consider disk encryption. For a hardened remote setup, upstream also supports a GCS credential backend (WORKSPACE_MCP_CREDENTIAL_STORE_BACKEND=gcs).
  • Grant the OAuth app the minimum scopes required.
  • Never commit .env; the committed files contain only placeholders.
  • The container runs as root (matching the Traefik/compose convention). For extra isolation you may add a non-root USER to the Dockerfile (keep /app/data writable) and set WORKSPACE_MCP_ALLOWED_CLIENT_REDIRECT_URIS to restrict which OAuth client redirect URIs the server accepts.

Conventions

Follows the org's «Как создавать проект» guide, adapted for a third-party app: state in data/, config from ENV/.env, prebuilt ghcr.io image behind Traefik with watchtower, CI gating the build. See AGENTS.md.

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured