MCP.so
Sign In
Servers

Google Workspace MCP Server

@taylorwilsdon

Control Gmail, Google Calendar, Docs, Sheets, Slides, Chat, Forms, Tasks, Search & Drive with AI - Comprehensive Google Workspace / G Suite MCP Server & CLI Tool

License: MIT Python 3.10+ PyPI PyPI Downloads Website

Full natural language control over Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Tasks, Contacts, and Chat through all MCP clients, AI assistants and developer tools.

Includes a full featured CLI & Code Mode for use with tools like Claude Code and Codex!

The most feature-complete Google Workspace MCP server, it can do things that Google's own tooling and the built in integrations with Claude and ChatGPT can't even dream of. With Remote OAuth2.1 multi-user support, fine-grained editing tools and the most extensive coverage of any Google Workspace tool in existance, Workspace MCP is in a different class. Offering native OAuth 2.1, stateless mode and external auth server support, it's also the only Workspace MCP you can host for your whole organization centrally & securely!

Support for all free Google accounts & Google Workspace plans (Starter, Standard, Plus, Enterprise, Non Profit) with expanded app options like Chat & Spaces.

Interested in a private, managed cloud instance? That can be arranged.

Read the Docs
Quick Start Guide


See it in action:


Overview

Workspace MCP is the single most complete MCP server, the only that integrates all major Google Workspace services with AI assistants and all agent platforms. The entire toolset is available for CLI usage supporting both local and remote instances.

Features

12 services  —  Gmail · Drive · Calendar · Docs · Sheets · Slides · Forms · Chat · Apps Script · Tasks · Contacts · Search

📧 Gmail — Complete email management, end-to-end coverage
📁 Drive — File operations with sharing, permissions, Office files, PDFs & images
📅 Calendar — Full event management with advanced features
📝 Docs — Deep, fine-grained editing, formatting & comments
📊 Sheets — Flexible cell management, formatting & conditional rules
🖼️ Slides — Presentation creation, updates & content manipulation
📋 Forms — Creation, publish settings & response management
💬 Chat — Space management, messaging & reactions

⚡ Apps Script — Cross-application workflow automation
 Projects · deployments · versions · execution · debugging

✅ Tasks — Task & list management with hierarchy
👤 Contacts — People API with groups & batch operations
🔍 Custom Search — Programmable Search Engine integration


🔐 Authentication & Security
OAuth 2.0 & 2.1 · auto token refresh · multi-user bearer tokens · transport-aware callbacks · CORS proxy


Security & Compliance

For Security Teams

This server sends no data anywhere except Google's APIs, on behalf of the authenticated user, using your own OAuth client credentials. There is no telemetry, no usage reporting, no analytics, no license server, and no SaaS dependency. The entire data path is: your infrastructure → Google APIs.

  • Fully open source — every line is auditable in this repo
  • Your OAuth client, your GCP project — credentials never leave your environment
  • You control the scopes — read-only, granular per-service permissions, or full access
  • You control the network — deploy behind your reverse proxy, in your VPC, on your own terms
  • No third-party services — no intermediary servers, no token relays, no hosted backends
  • Stateless mode — zero disk writes for locked-down container environments
  • Sensitive path blocking — local file reads default to the managed attachment directory, and validate_file_path() still blocks .env* files plus common home-directory credential stores such as ~/.ssh/ and ~/.aws/ even if ALLOWED_FILE_DIRS is broadened

Full dependency tree in pyproject.toml, pinned in uv.lock.

For Legal & Procurement

This project is MIT licensed — not "open core," not "source available," not "free with a CLA." There is no dual licensing, no commercial tier gating features, and no contributor license agreement.

  • Use commercially without restriction — build products, sell services, deploy internally
  • Fork, embed, redistribute — MIT requires only attribution
  • No CLA — contributions remain under MIT
  • No telemetry to disclose — nothing to flag in a privacy review
  • No network effects — the server never contacts any endpoint you didn't configure
  • Standard dependency licenses — MIT, Apache 2.0, and BSD throughout the dependency chain; no copyleft, no AGPL

The license is 21 lines and says what it means.


Quick Start

Set credentials → pick a launch command → connect your client

💡 New to Workspace MCP? Check out the Interactive Quick Start Guide → with step-by-step setup, screenshots, and troubleshooting tips!

Confidential Client Quick Start

# 1. Credentials
export GOOGLE_OAUTH_CLIENT_ID="..."
export GOOGLE_OAUTH_CLIENT_SECRET="..."

# 2. Launch — pick a tier
uvx workspace-mcp --tool-tier core       # essential tools
uvx workspace-mcp --tool-tier extended   # core + management ops
uvx workspace-mcp --tool-tier complete   # everything

# Or cherry-pick services
uv run main.py --tools gmail drive calendar

Secretless / Public OAuth 2.1 (PKCE) Quick Start

# 1. Credentials
export MCP_ENABLE_OAUTH21=true
export GOOGLE_OAUTH_CLIENT_ID="..."
export WORKSPACE_MCP_PORT=8000
export GOOGLE_OAUTH_REDIRECT_URI="http://localhost:${WORKSPACE_MCP_PORT}/oauth2callback"
export OAUTHLIB_INSECURE_TRANSPORT=1
# Leave GOOGLE_OAUTH_CLIENT_SECRET unset for public PKCE clients
export FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY="$(openssl rand -hex 32)"

# 2. Launch — OAuth 2.1 requires HTTP transport
uvx workspace-mcp --transport streamable-http --tool-tier core
uvx workspace-mcp --transport streamable-http --tool-tier extended
uvx workspace-mcp --transport streamable-http --tool-tier complete

# Or cherry-pick services
uv run main.py --transport streamable-http --tools gmail drive calendar

Credential setup → · All launch options → · Tier details →

Environment Variable Reference
VariablePurpose
🔐 Authentication
GOOGLE_OAUTH_CLIENT_IDrequiredOAuth client ID from Google Cloud
GOOGLE_OAUTH_CLIENT_SECRETOAuth client secret for confidential clients; optional for public OAuth 2.1 PKCE clients
OAUTHLIB_INSECURE_TRANSPORTrequired*Set to 1 for development — allows http:// redirect
USER_GOOGLE_EMAILDefault email for single-user auth
GOOGLE_CLIENT_SECRET_PATHCustom path to client_secret.json
GOOGLE_MCP_CREDENTIALS_DIRCredential directory — default ~/.google_workspace_mcp/credentials
🖥️ Server
WORKSPACE_MCP_BASE_URIBase server URI (no port) — default http://localhost
WORKSPACE_MCP_PORTListening port — default 8000. Also controls the stdio-mode OAuth callback port. The PORT env var takes precedence if set.
WORKSPACE_MCP_HOSTBind host — default 0.0.0.0 for OAuth 2.1 HTTP, 127.0.0.1 for legacy streamable HTTP.
WORKSPACE_MCP_TRANSPORTstdio or streamable-http; used when --transport is not passed
WORKSPACE_MCP_HTTP_PORTAdvanced legacy-stdio sidecar /mcp port for local workspace-cli access. Disabled when empty. Binds to 127.0.0.1 only and is accessible to local processes.
WORKSPACE_EXTERNAL_URLExternal URL for reverse proxy setups
WORKSPACE_MCP_BRAND_NAMEOAuth 2.1 consent-page server name — default FastMCP's name
WORKSPACE_MCP_BRAND_ICON_URLOAuth 2.1 consent-page logo (hosted URL or data: URI), shown at 64px wide — default FastMCP's logo
WORKSPACE_MCP_BRAND_WEBSITE_URLOAuth 2.1 consent-page website link
WORKSPACE_ATTACHMENT_DIRDownloaded attachments dir and default trusted local attachment directory — default ~/.workspace-mcp/attachments/
WORKSPACE_MCP_URLRemote MCP endpoint URL for CLI
ALLOWED_FILE_DIRSColon-separated allowlist for local file reads
🧰 Tool Selection
WORKSPACE_MCP_TOOLSComma-separated services, e.g. gmail,drive,calendar; empty means all services
WORKSPACE_MCP_TOOL_TIERcore, extended, or complete; empty means all tools
WORKSPACE_MCP_READ_ONLYtrue, 1, or yes to request read-only scopes and filter write tools
WORKSPACE_MCP_PERMISSIONSSpace-separated service:level entries, e.g. gmail:send drive:readonly; mutually exclusive with tools and read-only
🔑 OAuth 2.1 & Multi-User
MCP_ENABLE_OAUTH21true to enable OAuth 2.1 multi-user support. Required for remote or shared HTTP endpoints (--transport streamable-http); optional for local-only legacy HTTP, which binds to 127.0.0.1 by default.
EXTERNAL_OAUTH21_PROVIDERtrue for external OAuth flow with bearer tokens
WORKSPACE_MCP_STATELESS_MODEtrue for stateless container-friendly operation
WORKSPACE_MCP_LOG_DIRDirectory for mcp_server_debug.log — defaults to ~/.google_workspace_mcp/logs
GOOGLE_OAUTH_REDIRECT_URIOverride OAuth callback URL — default auto-constructed
OAUTH_CUSTOM_REDIRECT_URISComma-separated additional redirect URIs
OAUTH_ALLOWED_ORIGINSComma-separated additional CORS origins
WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKENDmemory, disk, or valkey — see storage backends
FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEYCustom encryption key for OAuth proxy storage; required for public OAuth 2.1 clients when GOOGLE_OAUTH_CLIENT_SECRET is omitted
WORKSPACE_MCP_ALLOWED_CLIENT_REDIRECT_URISComma-separated allowlist of redirect URIs that dynamically-registered OAuth clients may use. Default is unset (any URI permitted, per DCR). Supports FastMCP's glob patterns (*, *.example.com)
🗄️ Credential Store
WORKSPACE_MCP_CREDENTIAL_STORE_BACKENDlocal_directory (default) or gcs — see credential store system
WORKSPACE_MCP_CREDENTIALS_DIRDirectory for the local_directory backend
GOOGLE_MCP_CREDENTIALS_DIRBackward-compatible alias for WORKSPACE_MCP_CREDENTIALS_DIR
WORKSPACE_MCP_GCS_BUCKETRequired when backend is gcs — GCS bucket name
WORKSPACE_MCP_GCS_PREFIXOptional object-name prefix for the gcs backend
WORKSPACE_MCP_GCS_REQUIRE_CMEKtrue to require a bucket default KMS key at startup (fails fast if unset)
🔧 Service Account
GOOGLE_SERVICE_ACCOUNT_KEY_FILEPath to service account JSON key file (domain-wide delegation)
GOOGLE_SERVICE_ACCOUNT_KEY_JSONInline service account JSON key (alternative to file)
DWD_ALLOWED_DOMAINSComma-separated domain allowlist for per-request impersonation (optional)
🔍 Custom Search
GOOGLE_PSE_API_KEYAPI key for Programmable Search Engine
GOOGLE_PSE_ENGINE_IDSearch Engine ID for PSE

*Required for development only. Claude Desktop stores credentials securely in the OS keychain — set them once in the extension pane.


Quick Start — Connect Claude to Google Workspace

The recommended setup is to run an instance and connect Claude to it via a Connector. Full instructions at workspacemcp.com/quick-start.


Prerequisites

Python 3.10+ · uv/uvx · Google Cloud Project with OAuth 2.0 credentials

If you want the GCS credential store backend, install the optional dependency first:

uv sync --extra gcs
# or
pip install "workspace-mcp[gcs]"

Configuration

Google Cloud Setup
  1. Create ProjectOpen Console → → Create new project

  2. Create OAuth Credentials — APIs & Services → Credentials → Create Credentials → OAuth Client ID

    • Choose Desktop Application for a public PKCE client (no redirect URIs needed) or Web Application for a confidential client
    • Download and note your Client ID and, if issued, Client Secret
  3. Enable APIs — APIs & Services → Library, then enable each service:

    CalendarDriveGmailDocs
    SheetsSlidesFormsTasks
    ChatPeopleCustom SearchApps Script

    Google Chat needs extra setup. Enabling the API is not enough — you must also configure a Chat app and use a Workspace account. See Chat setup under the tool list.

  4. Set Credentials — see Environment Variable Reference above, or:

    export GOOGLE_OAUTH_CLIENT_ID="your-client-id"
    export GOOGLE_OAUTH_CLIENT_SECRET="your-secret"
    

    For public OAuth 2.1 PKCE clients, omit GOOGLE_OAUTH_CLIENT_SECRET and set FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY instead.

Full OAuth documentation → · Credential setup details →

Google Custom Search Setup

Custom Search Configuration ← Enable web search capabilities

1. Create Search Engine

programmablesearchengine.google.com
/controlpanel/create

→ Configure sites or entire web
→ Note your Engine ID (cx)

Open Control Panel →

2. Get API Key

developers.google.com
/custom-search/v1/overview

→ Create/select project
→ Enable Custom Search API
→ Create credentials (API Key)

Get API Key →

3. Set Variables

export GOOGLE_PSE_API_KEY=\
  "your-api-key"
export GOOGLE_PSE_ENGINE_ID=\
  "your-engine-id"

Configure in environment

Quick Setup Guide ← Step-by-step instructions

Complete Setup Process:

  1. Create Search Engine - Visit the Control Panel

    • Choose "Search the entire web" or specify sites
    • Copy the Search Engine ID (looks like: 017643444788157684527:6ivsjbpxpqw)
  2. Enable API & Get Key - Visit Google Developers Console

    • Enable "Custom Search API" in your project
    • Create credentials → API Key
    • Restrict key to Custom Search API (recommended)
  3. Configure Environment - Add to your shell or .env:

    export GOOGLE_PSE_API_KEY="AIzaSy..."
    export GOOGLE_PSE_ENGINE_ID="01764344478..."
    

Full Documentation →

Start the Server

📌 Transport Mode Guidance: Use streamable HTTP mode (--transport streamable-http) for all modern MCP clients including Claude Code, VS Code MCP, and MCP Inspector. For Claude Desktop, run an instance and connect via a Connector. Stdio mode is a legacy fallback. For deployments, prefer OAuth 2.1 with stateless mode (MCP_ENABLE_OAUTH21=true, WORKSPACE_MCP_STATELESS_MODE=true) unless you need local attachment or credential storage.

OAuth state safety: Legacy stdio starts a local-only OAuth callback server. In single-user mode only, it may recover a missing Google state parameter by consuming the most recent pending local OAuth state. This fallback is intentionally disabled outside single-user mode because it can cross session boundaries. Do not enable or emulate this behavior in streamable HTTP, hosted, or multi-user deployments; those modes must require an explicit state match.

Launch Commands ← Choose your startup mode

▶ Legacy Mode

uv run main.py

⚠️ Stdio mode (incomplete MCP clients only)

◆ HTTP Mode (Recommended)

export MCP_ENABLE_OAUTH21=true
export GOOGLE_OAUTH_CLIENT_ID="..."
uv run main.py \
  --transport streamable-http

✅ Full MCP spec compliance & OAuth 2.1

@ Single User

uv run main.py \
  --single-user

Simplified authentication ⚠️ Cannot be used with OAuth 2.1 mode

Advanced Options ← Tool selection, tiers & Docker

▶ Selective Tool Loading

# Load specific services only
uv run main.py --tools gmail drive calendar
uv run main.py --tools sheets docs

# Combine with other flags
uv run main.py --single-user --tools gmail

🔒 Read-Only Mode

# Requests only read-only scopes & disables write tools
uv run main.py --read-only

# Combine with specific tools or tiers
uv run main.py --tools gmail drive --read-only
uv run main.py --tool-tier core --read-only

Read-only mode provides secure, restricted access by:

  • Requesting only *.readonly OAuth scopes (e.g., gmail.readonly, drive.readonly)
  • Automatically filtering out tools that require write permissions at startup
  • Allowing read operations: list, get, search, and export across all services

🔐 Granular Permissions

# Per-service permission levels
uv run main.py --permissions gmail:organize drive:readonly

# Combine permissions with tier filtering
uv run main.py --permissions gmail:send drive:full --tool-tier core

Granular permissions mode provides service-by-service scope control:

  • Format: service:level (one entry per service)
  • Gmail levels: readonly, organize, drafts, send, full (cumulative)
  • Tasks levels: readonly, manage, full (cumulative; manage allows create/update/move but denies delete and clear_completed)
  • Other services currently support: readonly, full
  • --permissions and --read-only are mutually exclusive
  • --permissions cannot be combined with --tools; enabled services are determined by the --permissions entries (optionally filtered by --tool-tier)
  • With --tool-tier, only tier-matched tools are enabled and only services that have tools in the selected tier are imported

The WORKSPACE_MCP_TOOLS, WORKSPACE_MCP_TOOL_TIER, WORKSPACE_MCP_READ_ONLY, and WORKSPACE_MCP_PERMISSIONS environment variables provide the same controls for plugin and container installs. Empty strings are ignored. Non-empty malformed values fail closed at startup. Explicit CLI flags take precedence over mutually exclusive env vars.

Advanced legacy stdio sidecar

# Optional bridge only for local legacy stdio sessions
WORKSPACE_MCP_HTTP_PORT=8001 uv run main.py
workspace-cli --url http://127.0.0.1:8001/mcp list

The sidecar is disabled unless WORKSPACE_MCP_HTTP_PORT is set. It only exists to bridge local workspace-cli calls into a legacy stdio server. Do not use it for normal Claude Code, VS Code, hosted, or multi-user deployments; use streamable HTTP with OAuth 2.1 instead. When enabled, it validates ports in the 1..65535 range, binds to 127.0.0.1, and logs a warning if the port is already in use while keeping stdio running.

★ Tool Tiers

uv run main.py --tool-tier core      # ● Essential tools only
uv run main.py --tool-tier extended  # ◐ Core + additional
uv run main.py --tool-tier complete  # ○ All available tools

◆ Docker Deployment

docker build -t workspace-mcp .
docker run -p 8000:8000 -v $(pwd):/app \
  -e MCP_ENABLE_OAUTH21=true \
  -e GOOGLE_OAUTH_CLIENT_ID="..." \
  workspace-mcp --transport streamable-http

# With tool selection via environment variables
docker run -e TOOL_TIER=core workspace-mcp
docker run -e TOOLS="gmail drive calendar" workspace-mcp

Available Services: gmaildrivecalendardocssheetsformstaskscontactschatsearch

CLI

The workspace-cli command lists tools and calls them against a running server — with encrypted, disk-backed OAuth token caching so you only authenticate once. On first run it opens a browser for Google consent; subsequent runs reuse the cached tokens automatically.

Tokens are stored encrypted at ~/.workspace-mcp/cli-tokens/ using a Fernet key auto-generated at ~/.workspace-mcp/.cli-encryption-key.

To use workspace-cli globally, you'll want to start in this repo and run uv tool install .

Once complete, you'll have workspace-cli available globally via workspace-cli

Note: there is a public (but abandoned) pypi package with the same name - do not use uvx, as it will pull the wrong thing.

workspace-cli Commands ← Persistent OAuth, no re-auth on every call

▶ List Tools

uv run workspace-cli list
uv run workspace-cli --url https://custom.server/mcp list

# Or, if installed globally:
workspace-cli list
workspace-cli --url https://custom.server/mcp list

View all available tools

◆ Call a Tool

uv run workspace-cli call search_gmail_messages \
  query="is:unread" max_results=5

Execute a tool with key=value arguments

Set URL for remote endpoints with --url or the WORKSPACE_MCP_URL environment variable.

Advanced: FastMCP CLI ← inspect, install, discover

The upstream FastMCP CLI is also bundled and provides additional commands for schema inspection, client installation, and editor discovery. Note that fastmcp uses in-memory token storage, so each invocation may re-trigger the OAuth flow.

fastmcp inspect fastmcp_server.py                        # print tools, resources, prompts
fastmcp install claude-code fastmcp_server.py             # one-command client setup
fastmcp install cursor fastmcp_server.py
fastmcp discover                                          # find servers configured in editors

See fastmcp --help or the FastMCP CLI docs for the full command reference.

Tool Tiers

The server organizes tools into three progressive tiers for simplified deployment. Choose a tier that matches your usage needs and API quota requirements.

Available Tiers

Core (--tool-tier core) Essential tools for everyday tasks. Perfect for light usage with minimal API quotas. Includes search, read, create, and basic modify operations across all services.

Extended (--tool-tier extended) Core functionality plus management tools. Adds labels, folders, batch operations, and advanced search. Ideal for regular usage with moderate API needs.

Complete (--tool-tier complete) Full API access including comments, headers/footers, publishing settings, and administrative functions. For power users needing maximum functionality.

Important Notes

Start with core and upgrade as needed Tiers are cumulative – each includes all previous Mix and match with --tools for specific services Configuration in core/tool_tiers.yaml Authentication included in all tiers

Usage Examples

# Basic tier selection
uv run main.py --tool-tier core                            # Start with essential tools only
uv run main.py --tool-tier extended                        # Expand to include management features
uv run main.py --tool-tier complete                        # Enable all available functionality

# Selective service loading with tiers
uv run main.py --tools gmail drive --tool-tier core        # Core tools for specific services
uv run main.py --tools gmail --tool-tier extended          # Extended Gmail functionality only
uv run main.py --tools docs sheets --tool-tier complete    # Full access to Docs and Sheets

# Combine tier selection with granular permission levels
uv run main.py --permissions gmail:organize drive:full --tool-tier core

📋 Credential Configuration

🔑 OAuth Credentials Setup ← Essential for all installations

🚀 Environment Variables

export GOOGLE_OAUTH_CLIENT_ID=\
  "your-client-id"
export GOOGLE_OAUTH_CLIENT_SECRET=\
  "your-secret"

Best for production

📁 File-based

# Download & place in project root
client_secret.json

# Or specify custom path
export GOOGLE_CLIENT_SECRET_PATH=\
  /path/to/secret.json

Traditional method

⚡ .env File

cp .env.oauth21 .env
# Edit .env with credentials

Best for development

📖 Credential Lo

More from Other