MCP Servers

Google Workspace MCP

Gmail, Calendar, Drive, Docs, Sheets, and Slides via a single MCP server — read emails, create events, edit spreadsheets, and manage Drive files from Claude.

Taylor Wilsdon2,017 starsAdded 1 months ago

google gmail calendar drive sheets workspace mcp

Google Workspace MCP Server

Full natural language control over Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Tasks, Contacts, and Chat through all MCP clients, AI assistants and developer tools. Includes a full featured CLI for use with tools like Claude Code and Codex!

The most feature-complete Google Workspace MCP server, with Remote OAuth2.1 multi-user support and 1-click Claude installation. With native OAuth 2.1, stateless mode and external auth server support, it's the only Workspace MCP you can host for your whole organization centrally & securely!

Support for all free Google accounts (Gmail, Docs, Drive etc) & Google Workspace plans (Starter, Standard, Plus, Enterprise, Non Profit) with expanded app options like Chat & Spaces.

Interested in a private, managed cloud instance? That can be arranged.

⚡ Start
_{Quick Start · Prerequisites

Google Cloud · Credentials}

🧰 Tools
_{All Tools · Tool Tiers

CLI · Start Server}

🔌 Connect
_{1-Click Install · Claude Desktop

Claude Code · VS Code · LM Studio}

🚀 Deploy
_{OAuth 2.1 · Stateless

External OAuth · Reverse Proxy}

📐 Develop
_{Architecture · Dev Setup

Security · License}

See it in action:

Overview

Workspace MCP is the single most complete MCP server that integrates all major Google Workspace services with AI assistants. It supports both single-user operation and multi-user authentication via OAuth 2.1, making it a powerful backend for custom applications. Built with FastMCP for optimal performance, featuring advanced authentication handling, service caching, and streamlined development patterns. The entire toolset is available for CLI usage supporting both local and remote instances.

Simplified Setup: Now uses Google Desktop OAuth clients - no redirect URIs or port configuration needed!

Features

12 services — Gmail · Drive · Calendar · Docs · Sheets · Slides · Forms · Chat · Apps Script · Tasks · Contacts · Search

📧 Gmail — Complete email management, end-to-end coverage
📁 Drive — File operations with sharing, permissions & Office formats
📅 Calendar — Full event management with advanced features
📝 Docs — Deep, fine-grained editing, formatting & comments
📊 Sheets — Flexible cell management, formatting & conditional rules
🖼️ Slides — Presentation creation, updates & content manipulation
📋 Forms — Creation, publish settings & response management
💬 Chat — Space management, messaging & reactions

⚡ Apps Script — Cross-application workflow automation
_{Projects · deployments · versions · execution · debugging}

✅ Tasks — Task & list management with hierarchy
👤 Contacts — People API with groups & batch operations
🔍 Custom Search — Programmable Search Engine integration

🔐 Authentication & Security
_{OAuth 2.0 & 2.1 · auto token refresh · multi-user bearer tokens · transport-aware callbacks · CORS proxy}

Quick Start

Set credentials → pick a launch command → connect your client

# 1. Credentials
export GOOGLE_OAUTH_CLIENT_ID="..."
export GOOGLE_OAUTH_CLIENT_SECRET="..."

# 2. Launch — pick a tier
uvx workspace-mcp --tool-tier core       # essential tools
uvx workspace-mcp --tool-tier extended   # core + management ops
uvx workspace-mcp --tool-tier complete   # everything

# Or cherry-pick services
uv run main.py --tools gmail drive calendar

_{Credential setup → · All launch options → · Tier details →}

Environment Variable Reference

_{Variable Purpose
🔐 Authentication
GOOGLE_OAUTH_CLIENT_ID required OAuth client ID from Google Cloud
GOOGLE_OAUTH_CLIENT_SECRET required OAuth client secret
OAUTHLIB_INSECURE_TRANSPORT required* Set to 1 for development — allows http:// redirect
USER_GOOGLE_EMAIL Default email for single-user auth
GOOGLE_CLIENT_SECRET_PATH Custom path to client_secret.json
GOOGLE_MCP_CREDENTIALS_DIR Credential storage directory — default ~/.google_workspace_mcp/credentials
🖥️ Server
WORKSPACE_MCP_BASE_URI Base server URI (no port) — default http://localhost
WORKSPACE_MCP_PORT Listening port — default 8000
WORKSPACE_MCP_HOST Bind host — default 0.0.0.0
WORKSPACE_EXTERNAL_URL External URL for reverse proxy setups
WORKSPACE_ATTACHMENT_DIR Downloaded attachments dir — default ~/.workspace-mcp/attachments/
WORKSPACE_MCP_URL Remote MCP endpoint URL for CLI
ALLOWED_FILE_DIRS Colon-separated allowlist for local file reads
🔑 OAuth 2.1 & Multi-User
MCP_ENABLE_OAUTH21 true to enable OAuth 2.1 multi-user support
EXTERNAL_OAUTH21_PROVIDER true for external OAuth flow with bearer tokens
WORKSPACE_MCP_STATELESS_MODE true for stateless container-friendly operation
GOOGLE_OAUTH_REDIRECT_URI Override OAuth callback URL — default auto-constructed
OAUTH_CUSTOM_REDIRECT_URIS Comma-separated additional redirect URIs
OAUTH_ALLOWED_ORIGINS Comma-separated additional CORS origins
WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND memory, disk, or valkey — see storage backends
FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY Custom encryption key for OAuth proxy storage
🔍 Custom Search
GOOGLE_PSE_API_KEY API key for Programmable Search Engine
GOOGLE_PSE_ENGINE_ID Search Engine ID for PSE
*Required for development only. Claude Desktop stores credentials securely in the OS keychain — set them once in the extension pane.}

Variable		Purpose
🔐 Authentication
`GOOGLE_OAUTH_CLIENT_ID`	required	OAuth client ID from Google Cloud
`GOOGLE_OAUTH_CLIENT_SECRET`	required	OAuth client secret
`OAUTHLIB_INSECURE_TRANSPORT`	required*	Set to `1` for development — allows `http://` redirect
`USER_GOOGLE_EMAIL`		Default email for single-user auth
`GOOGLE_CLIENT_SECRET_PATH`		Custom path to `client_secret.json`
`GOOGLE_MCP_CREDENTIALS_DIR`		Credential storage directory — default `~/.google_workspace_mcp/credentials`
🖥️ Server
`WORKSPACE_MCP_BASE_URI`		Base server URI (no port) — default `http://localhost`
`WORKSPACE_MCP_PORT`		Listening port — default `8000`
`WORKSPACE_MCP_HOST`		Bind host — default `0.0.0.0`
`WORKSPACE_EXTERNAL_URL`		External URL for reverse proxy setups
`WORKSPACE_ATTACHMENT_DIR`		Downloaded attachments dir — default `~/.workspace-mcp/attachments/`
`WORKSPACE_MCP_URL`		Remote MCP endpoint URL for CLI
`ALLOWED_FILE_DIRS`		Colon-separated allowlist for local file reads
🔑 OAuth 2.1 & Multi-User
`MCP_ENABLE_OAUTH21`		`true` to enable OAuth 2.1 multi-user support
`EXTERNAL_OAUTH21_PROVIDER`		`true` for external OAuth flow with bearer tokens
`WORKSPACE_MCP_STATELESS_MODE`		`true` for stateless container-friendly operation
`GOOGLE_OAUTH_REDIRECT_URI`		Override OAuth callback URL — default auto-constructed
`OAUTH_CUSTOM_REDIRECT_URIS`		Comma-separated additional redirect URIs
`OAUTH_ALLOWED_ORIGINS`		Comma-separated additional CORS origins
`WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND`		`memory`, `disk`, or `valkey` — see storage backends
`FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY`		Custom encryption key for OAuth proxy storage
🔍 Custom Search
`GOOGLE_PSE_API_KEY`		API key for Programmable Search Engine
`GOOGLE_PSE_ENGINE_ID`		Search Engine ID for PSE

One-Click Claude Desktop Install

.dxt bundles server, deps & manifest — download → double-click → done. No terminal, no JSON editing.

Download the latest google_workspace_mcp.dxt from Releases
Install — double-click the file, Claude Desktop prompts to install
Configure — Settings → Extensions → Google Workspace MCP, paste your OAuth credentials
Use it — start a new Claude chat and call any Google Workspace tool

Prerequisites

Python 3.10+ · uv/uvx · Google Cloud Project with OAuth 2.0 credentials

Configuration

Google Cloud Setup

Create Project — Open Console → → Create new project
Create OAuth Credentials — APIs & Services → Credentials → Create Credentials → OAuth Client ID
- Choose Desktop Application (no redirect URIs needed!)
- Download and note your Client ID & Client Secret
Enable APIs — APIs & Services → Library, then enable each service:

Calendar Drive Gmail Docs
Sheets Slides Forms Tasks
Chat People Custom Search Apps Script


Calendar	Drive	Gmail	Docs
Sheets	Slides	Forms	Tasks
Chat	People	Custom Search	Apps Script

Set Credentials — see Environment Variable Reference above, or:

export GOOGLE_OAUTH_CLIENT_ID="your-client-id"
export GOOGLE_OAUTH_CLIENT_SECRET="your-secret"

_{Full OAuth documentation → · Credential setup details →}

Google Custom Search Setup

◆ Custom Search Configuration _{^{← Enable web search capabilities}}

1. Create Search Engine

programmablesearchengine.google.com
/controlpanel/create

→ Configure sites or entire web
→ Note your Engine ID (cx)

_{Open Control Panel →}

2. Get API Key

developers.google.com
/custom-search/v1/overview

→ Create/select project
→ Enable Custom Search API
→ Create credentials (API Key)

_{Get API Key →}

3. Set Variables

export GOOGLE_PSE_API_KEY=\
  "your-api-key"
export GOOGLE_PSE_ENGINE_ID=\
  "your-engine-id"

_{Configure in environment}

≡ Quick Setup Guide _{^{← Step-by-step instructions}}

Complete Setup Process:

Create Search Engine - Visit the Control Panel
- Choose "Search the entire web" or specify sites
- Copy the Search Engine ID (looks like: 017643444788157684527:6ivsjbpxpqw)
Enable API & Get Key - Visit Google Developers Console
- Enable "Custom Search API" in your project
- Create credentials → API Key
- Restrict key to Custom Search API (recommended)

Configure Environment - Add to your shell or .env:

export GOOGLE_PSE_API_KEY="AIzaSy..."
export GOOGLE_PSE_ENGINE_ID="01764344478..."

≡ Full Documentation →

Start the Server

📌 Transport Mode Guidance: Use streamable HTTP mode (--transport streamable-http) for all modern MCP clients including Claude Code, VS Code MCP, and MCP Inspector. Stdio mode is only for clients with incomplete MCP specification support.

▶ Launch Commands _{^{← Choose your startup mode}}

▶ Legacy Mode

uv run main.py

_{⚠️ Stdio mode (incomplete MCP clients only)}

◆ HTTP Mode (Recommended)

uv run main.py \
  --transport streamable-http

_{✅ Full MCP spec compliance & OAuth 2.1}

@ Single User

uv run main.py \
  --single-user

_{Simplified authentication} _{⚠️ Cannot be used with OAuth 2.1 mode}

◆ Advanced Options _{^{← Tool selection, tiers & Docker}}

▶ Selective Tool Loading

# Load specific services only
uv run main.py --tools gmail drive calendar
uv run main.py --tools sheets docs

# Combine with other flags
uv run main.py --single-user --tools gmail

🔒 Read-Only Mode

# Requests only read-only scopes & disables write tools
uv run main.py --read-only

# Combine with specific tools or tiers
uv run main.py --tools gmail drive --read-only
uv run main.py --tool-tier core --read-only

Read-only mode provides secure, restricted access by:

Requesting only *.readonly OAuth scopes (e.g., gmail.readonly, drive.readonly)
Automatically filtering out tools that require write permissions at startup
Allowing read operations: list, get, search, and export across all services

🔐 Granular Permissions

# Per-service permission levels
uv run main.py --permissions gmail:organize drive:readonly

# Combine permissions with tier filtering
uv run main.py --permissions gmail:send drive:full --tool-tier core

Granular permissions mode provides service-by-service scope control:

Format: service:level (one entry per service)
Gmail levels: readonly, organize, drafts, send, full (cumulative)
Tasks levels: readonly, manage, full (cumulative; manage allows create/update/move but denies delete and clear_completed)
Other services currently support: readonly, full
--permissions and --read-only are mutually exclusive
--permissions cannot be combined with --tools; enabled services are determined by the --permissions entries (optionally filtered by --tool-tier)
With --tool-tier, only tier-matched tools are enabled and only services that have tools in the selected tier are imported

★ Tool Tiers

uv run main.py --tool-tier core      # ● Essential tools only
uv run main.py --tool-tier extended  # ◐ Core + additional
uv run main.py --tool-tier complete  # ○ All available tools

◆ Docker Deployment

docker build -t workspace-mcp .
docker run -p 8000:8000 -v $(pwd):/app \
  workspace-mcp --transport streamable-http

# With tool selection via environment variables
docker run -e TOOL_TIER=core workspace-mcp
docker run -e TOOLS="gmail drive calendar" workspace-mcp

Available Services: gmail • drive • calendar • docs • sheets • forms • tasks • contacts • chat • search

CLI

The workspace-cli command lists tools and calls them against a running server — with encrypted, disk-backed OAuth token caching so you only authenticate once. On first run it opens a browser for Google consent; subsequent runs reuse the cached tokens automatically.

Tokens are stored encrypted at ~/.workspace-mcp/cli-tokens/ using a Fernet key auto-generated at ~/.workspace-mcp/.cli-encryption-key.

▶ workspace-cli Commands _{^{← Persistent OAuth, no re-auth on every call}}

▶ List Tools

uv run workspace-cli list
uv run workspace-cli --url https://custom.server/mcp list

# Or, if installed globally:
workspace-cli list
workspace-cli --url https://custom.server/mcp list

_{View all available tools}

◆ Call a Tool

uv run workspace-cli call search_gmail_messages \
  query="is:unread" max_results=5

_{Execute a tool with key=value arguments}

Set URL for remote endpoints with --url or the WORKSPACE_MCP_URL environment variable.

≡ Advanced: FastMCP CLI _{^{← inspect, install, discover}}

The upstream FastMCP CLI is also bundled and provides additional commands for schema inspection, client installation, and editor discovery. Note that fastmcp uses in-memory token storage, so each invocation may re-trigger the OAuth flow.

fastmcp inspect fastmcp_server.py                        # print tools, resources, prompts
fastmcp install claude-code fastmcp_server.py             # one-command client setup
fastmcp install cursor fastmcp_server.py
fastmcp discover                                          # find servers configured in editors

See fastmcp --help or the FastMCP CLI docs for the full command reference.

Tool Tiers

The server organizes tools into three progressive tiers for simplified deployment. Choose a tier that matches your usage needs and API quota requirements.

Available Tiers

● Core (--tool-tier core) Essential tools for everyday tasks. Perfect for light usage with minimal API quotas. Includes search, read, create, and basic modify operations across all services.

● Extended (--tool-tier extended) Core functionality plus management tools. Adds labels, folders, batch operations, and advanced search. Ideal for regular usage with moderate API needs.

● Complete (--tool-tier complete) Full API access including comments, headers/footers, publishing settings, and administrative functions. For power users needing maximum functionality.

Important Notes

▶ Start with core and upgrade as needed ▶ Tiers are cumulative – each includes all previous ▶ Mix and match with --tools for specific services ▶ Configuration in core/tool_tiers.yaml ▶ Authentication included in all tiers

Usage Examples

# Basic tier selection
uv run main.py --tool-tier core                            # Start with essential tools only
uv run main.py --tool-tier extended                        # Expand to include management features
uv run main.py --tool-tier complete                        # Enable all available functionality

# Selective service loading with tiers
uv run main.py --tools gmail drive --tool-tier core        # Core tools for specific services
uv run main.py --tools gmail --tool-tier extended          # Extended Gmail functionality only
uv run main.py --tools docs sheets --tool-tier complete    # Full access to Docs and Sheets

# Combine tier selection with granular permission levels
uv run main.py --permissions gmail:organize drive:full --tool-tier core

📋 Credential Configuration

🔑 OAuth Credentials Setup _{^{← Essential for all installations}}

🚀 Environment Variables

export GOOGLE_OAUTH_CLIENT_ID=\
  "your-client-id"
export GOOGLE_OAUTH_CLIENT_SECRET=\
  "your-secret"

_{Best for production}

📁 File-based

# Download & place in project root
client_secret.json

# Or specify custom path
export GOOGLE_CLIENT_SECRET_PATH=\
  /path/to/secret.json

_{Traditional method}

⚡ .env File

cp .env.oauth21 .env
# Edit .env with credentials

_{Best for development}

📖 Credential Loading Details _{^{← Understanding priority & best practices}}

Loading Priority

Environment variables (export VAR=value)
.env file in project root (warning - if you run via uvx rather than uv run from the repo directory, you are spawning a standalone process not associated with your clone of the repo and it will not find your .env file without specifying it directly)
client_secret.json via GOOGLE_CLIENT_SECRET_PATH
Default client_secret.json in project root

Why Environment Variables?

✅ Docker/K8s ready - Native container support
✅ Cloud platforms - Heroku, Railway, Vercel
✅ CI/CD pipelines - GitHub Actions, Jenkins
✅ No secrets in git - Keep credentials secure
✅ Easy rotation - Update without code changes

🧰 Available Tools

Note: All tools support automatic authentication via @require_google_service() decorators with 30-minute service caching.

📅 Google Calendar _{calendar_tools.py}

_Tool	_Tier	_Description
_{list_calendars}	_Core	_{List accessible calendars}
_{get_events}	_Core	_{Retrieve events with time range filtering}
_{manage_event}	_Core	_{Create, update, or delete calendar events}

📁 Google Drive _{drive_tools.py}

_Tool	_Tier	_Description
_{search_drive_files}	_Core	_{Search files with query syntax}
_{get_drive_file_content}	_Core	_{Read file content (Office formats)}
_{get_drive_file_download_url}	_Core	_{Download Drive files to local disk}
_{create_drive_file}	_Core	_{Create files or fetch from URLs}
_{create_drive_folder}	_Core	_{Create empty folders in Drive or shared drives}
_{import_to_google_doc}	_Core	_{Import files (MD, DOCX, HTML, etc.) as Google Docs}
_{get_drive_shareable_link}	_Core	_{Get shareable links for a file}
_{list_drive_items}	_Extended	_{List folder contents}
_{copy_drive_file}	_Extended	_{Copy existing files (templates) with optional renaming}
_{update_drive_file}	_Extended	_{Update file metadata, move between folders}
_{manage_drive_access}	_Extended	_{Grant, update, revoke permissions, and transfer ownership}
_{set_drive_file_permissions}	_Extended	_{Set link sharing and file-level sharing settings}
_{get_drive_file_permissions}	_Complete	_{Get detailed file permissions}
_{check_drive_file_public_access}	_Complete	_{Check public sharing status}

📧 Gmail _{gmail_tools.py}

_Tool	_Tier	_Description
_{search_gmail_messages}	_Core	_{Search with Gmail operators}
_{get_gmail_message_content}	_Core	_{Retrieve message content}
_{get_gmail_messages_content_batch}	_Core	_{Batch retrieve message content}
_{send_gmail_message}	_Core	_{Send emails}
_{get_gmail_thread_content}	_Extended	_{Get full thread content}
_{modify_gmail_message_labels}	_Extended	_{Modify message labels}
_{list_gmail_labels}	_Extended	_{List available labels}
_{list_gmail_filters}	_Extended	_{List Gmail filters}
_{manage_gmail_label}	_Extended	_{Create/update/delete labels}
_{manage_gmail_filter}	_Extended	_{Create or delete Gmail filters}
_{draft_gmail_message}	_Extended	_{Create drafts}
_{get_gmail_threads_content_batch}	_Complete	_{Batch retrieve thread content}
_{batch_modify_gmail_message_labels}	_Complete	_{Batch modify labels}
_{start_google_auth}	_Complete	_{Legacy OAuth 2.0 auth (disabled when OAuth 2.1 is enabled)}

📎 Email Attachments _{^{← Send emails with files}}

Both send_gmail_message and draft_gmail_message support attachments via two methods:

Option 1: File Path (local server only)

attachments=[{"path": "/path/to/report.pdf"}]

Reads file from disk, auto-detects MIME type. Optional filename override.

Option 2: Base64 Content (works everywhere)

attachments=[{
    "filename": "report.pdf",
    "content": "JVBERi0xLjQK...",  # base64-encoded
    "mime_type": "application/pdf"   # optional
}]

⚠️ Centrally Hosted Servers: When the MCP server runs remotely (cloud, shared instance), it cannot access your local filesystem. Use Option 2 with base64-encoded content. Your MCP client must encode files before sending.

📥 Downloaded Attachment Storage _{^{← Where downloaded files are saved}}

When downloading Gmail attachments (get_gmail_attachment_content) or Drive files (get_drive_file_download_url), files are saved to a persistent local directory rather than a temporary folder in the working directory.

Default location: ~/.workspace-mcp/attachments/

Files are saved with their original filename plus a short UUID suffix for uniqueness (e.g., invoice_a1b2c3d4.pdf). In stdio mode, the tool returns the absolute file path for direct filesystem access. In HTTP mode, it returns a download URL via the /attachments/{file_id} endpoint.

To customize the storage directory:

export WORKSPACE_ATTACHMENT_DIR="/path/to/custom/dir"

Saved files expire after 1 hour and are cleaned up automatically.

📝 Google Docs _{docs_tools.py}

_Tool	_Tier	_Description
_{get_doc_content}	_Core	_{Extract document text}
_{create_doc}	_Core	_{Create new documents}
_{modify_doc_text}	_Core	_{Insert, replace, and richly format text with tab/segment targeting, append-to-segment support, advanced typography, and link management}
_{search_docs}	_Extended	_{Find documents by name}
_{find_and_replace_doc}	_Extended	_{Find and replace text}
_{list_docs_in_folder}	_Extended	_{List docs in folder}
_{insert_doc_elements}	_Extended	_{Add tables, lists, page breaks}
_{update_paragraph_style}	_Extended	_{Apply advanced paragraph styling including headings, spacing, direction, pagination controls, shading, and bulleted/numbered/checkbox lists with nesting}
_{get_doc_as_markdown}	_Extended	_{Export document as formatted Markdown with optional comments}
_{insert_doc_image}	_Complete	_{Insert images from Drive/URLs}
_{update_doc_headers_footers}	_Complete	_{Create or update headers and footers with correct segment-aware writes}
_{batch_update_doc}	_Complete	_{Execute atomic multi-step Docs API operations including named ranges, section breaks, document/section layout, header/footer creation, segment-aware inserts, images, tables, and rich formatting}
_{inspect_doc_structure}	_Complete	_{Analyze document structure, including safe insertion points, tables, section breaks, headers/footers, and named ranges}
_{export_doc_to_pdf}	_Extended	_{Export document to PDF}
_{create_table_with_data}	_Complete	_{Create data tables}
_{debug_table_structure}	_Complete	_{Debug table issues}
_{list_document_comments}	_Complete	_{List all document comments}
_{manage_document_comment}	_Complete	_{Create, reply to, or resolve comments}

📊 Google Sheets _{sheets_tools.py}

_Tool	_Tier	_Description
_{read_sheet_values}	_Core	_{Read cell ranges}
_{modify_sheet_values}	_Core	_{Write/update/clear cells}
_{create_spreadsheet}	_Core	_{Create new spreadsheets}
_{list_spreadsheets}	_Extended	_{List accessible spreadsheets}
_{get_spreadsheet_info}	_Extended	_{Get spreadsheet metadata}
_{format_sheet_range}	_Extended	_{Apply colors, number formats, text wrapping, alignment, bold/italic, font size}
_{create_sheet}	_Complete	_{Add sheets to existing files}
_{list_spreadsheet_comments}	_Complete	_{List all spreadsheet comments}
_{manage_spreadsheet_comment}	_Complete	_{Create, reply to, or resolve comments}
_{manage_conditional_formatting}	_Complete	_{Add, update, or delete conditional formatting rules}

🖼️ Google Slides _{slides_tools.py}

_Tool	_Tier	_Description
_{create_presentation}	_Core	_{Create new presentations}
_{get_presentation}	_Core	_{Retrieve presentation details}
_{batch_update_presentation}	_Extended	_{Apply multiple updates}
_{get_page}	_Extended	_{Get specific slide information}
_{get_page_thumbnail}	_Extended	_{Generate slide thumbnails}
_{list_presentation_comments}	_Complete	_{List all presentation comments}
_{manage_presentation_comment}	_Complete	_{Create, reply to, or resolve comments}

📋 Google Forms _{forms_tools.py}

_Tool	_Tier	_Description
_{create_form}	_Core	_{Create new forms}
_{get_form}	_Core	_{Retrieve form details & URLs}
_{set_publish_settings}	_Complete	_{Configure form settings}
_{get_form_response}	_Complete	_{Get individual responses}
_{list_form_responses}	_Extended	_{List all responses with pagination}
_{batch_update_form}	_Complete	_{Apply batch updates (questions, settings)}

✓ Google Tasks _{tasks_tools.py}

_Tool	_Tier	_Description
_{list_tasks}	_Core	_{List tasks with filtering}
_{get_task}	_Core	_{Retrieve task details}
_{manage_task}	_Core	_{Create, update, delete, or move tasks}
_{list_task_lists}	_Complete	_{List task lists}
_{get_task_list}	_Complete	_{Get task list details}
_{manage_task_list}	_Complete	_{Create, update, delete task lists, or clear completed tasks}

👤 Google Contacts _{contacts_tools.py}

_Tool	_Tier	_Description
_{search_contacts}	_Core	_{Search contacts by name, email, phone}
_{get_contact}	_Core	_{Retrieve detailed contact info}
_{list_contacts}	_Core	_{List contacts with pagination}
_{manage_contact}	_Core	_{Create, update, or delete contacts}
_{list_contact_groups}	_Extended	_{List contact groups/labels}
_{get_contact_group}	_Extended	_{Get group details with members}
_{manage_contacts_batch}	_Complete	_{Batch create, update, or delete contacts}
_{manage_contact_group}	_Complete	_{Create, update, delete groups, or modify membership}

💬 Google Chat _{chat_tools.py}

_Tool	_Tier	_Description
_{list_spaces}	_Extended	_{List chat spaces/rooms}
_{get_messages}	_Core	_{Retrieve space messages}
_{send_message}	_Core	_{Send messages to spaces}
_{search_messages}	_Core	_{Search across chat history}
_{create_reaction}	_Core	_{Add emoji reaction to a message}
_{download_chat_attachment}	_Extended	_{Download attachment from a chat message}

🔍 Google Custom Search _{search_tools.py}

_Tool	_Tier	_Description
_{search_custom}	_Core	_{Perform web searches (supports site restrictions via sites parameter)}
_{get_search_engine_info}	_Complete	_{Retrieve search engine metadata}

⚡ Google Apps Script _{apps_script_tools.py}

_Tool	_Tier	_Description
_{list_script_projects}	_Core	_{List accessible Apps Script projects}
_{get_script_project}	_Core	_{Get complete project with all files}
_{get_script_content}	_Core	_{Retrieve specific file content}
_{create_script_project}	_Core	_{Create new standalone or bound project}
_{update_script_content}	_Core	_{Update or create script files}
_{run_script_function}	_Core	_{Execute function with parameters}
_{list_deployments}	_Extended	_{List all project deployments}
_{manage_deployment}	_Extended	_{Create, update, or delete script deployments}
_{list_script_processes}	_Extended	_{View recent executions and status}

_{Tool Tier Legend:

● Core — Essential tools for basic functionality · Minimal API usage · Getting started

● Extended — Core + additional features · Regular usage · Expanded capabilities

● Complete — All available tools including advanced features · Power users · Full API access}

Connect to Claude Desktop

The server supports two transport modes:

Stdio Mode (Legacy - For Clients with Incomplete MCP Support)

⚠️ Important: Stdio mode is a legacy fallback for clients that don't properly implement the MCP specification with OAuth 2.1 and streamable HTTP support. Claude Code and other modern MCP clients should use streamable HTTP mode (--transport streamable-http) for proper OAuth flow and multi-user support.

In general, you should use the one-click DXT installer package for Claude Desktop. If you are unable to for some reason, you can configure it manually via claude_desktop_config.json

Manual Claude Configuration (Alternative)

📝 Claude Desktop JSON Config _{^{← Click for manual setup instructions}}

Open Claude Desktop Settings → Developer → Edit Config
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
Add the server configuration:

{
  "mcpServers": {
    "google_workspace": {
      "command": "uvx",
      "args": ["workspace-mcp"],
      "env": {
        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id",
        "GOOGLE_OAUTH_CLIENT_SECRET": "your-secret",
        "OAUTHLIB_INSECURE_TRANSPORT": "1"
      }
    }
  }
}

Connect to LM Studio

Add a new MCP server in LM Studio (Settings → MCP Servers) using the same JSON format:

{
  "mcpServers": {
    "google_workspace": {
      "command": "uvx",
      "args": ["workspace-mcp"],
      "env": {
        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id",
        "GOOGLE_OAUTH_CLIENT_SECRET": "your-secret",
        "OAUTHLIB_INSECURE_TRANSPORT": "1",
      }
    }
  }
}

2. Advanced / Cross-Platform Installation

If you’re developing, deploying to servers, or using another MCP-capable client, keep reading.

Instant CLI (uvx)

⚡ Quick Start with uvx _{^{← No installation required!}}

# Requires Python 3.10+ and uvx
# First, set credentials (see Credential Configuration above)
uvx workspace-mcp --tool-tier core  # or --tools gmail drive calendar

Note: Configure OAuth credentials before running. Supports environment variables, .env file, or client_secret.json.

Local Development Setup

🛠️ Developer Workflow _{^{← Install deps, lint, and test}}

# Install everything needed for linting, tests, and release tooling
uv sync --group dev

# Run the same linter that git hooks invoke automatically
uv run ruff check .

# Execute the full test suite (async fixtures require pytest-asyncio)
uv run pytest

uv sync --group test installs only the testing stack if you need a slimmer environment.
uv run main.py --transport streamable-http launches the server with your checked-out code for manual verification.
Ruff is part of the dev group because pre-push hooks call ruff check automatically—run it locally before committing to avoid hook failures.

OAuth 2.1 Support (Multi-User Bearer Token Authentication)

The server includes OAuth 2.1 support for bearer token authentication, enabling multi-user session management. OAuth 2.1 automatically reuses your existing GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET credentials - no additional configuration needed!

When to use OAuth 2.1:

Multiple users accessing the same MCP server instance
Need for bearer token authentication instead of passing user emails
Building web applications or APIs on top of the MCP server
Production environments requiring secure session management
Browser-based clients requiring CORS support

⚠️ Important: OAuth 2.1 and Single-User Mode are mutually exclusive

OAuth 2.1 mode (MCP_ENABLE_OAUTH21=true) cannot be used together with the --single-user flag:

Single-user mode: For legacy clients that pass user emails in tool calls
OAuth 2.1 mode: For modern multi-user scenarios with bearer token authentication

Choose one authentication method - using both will result in a startup error.

Enabling OAuth 2.1: To enable OAuth 2.1, set the MCP_ENABLE_OAUTH21 environment variable to true.

# OAuth 2.1 requires HTTP transport mode
export MCP_ENABLE_OAUTH21=true
uv run main.py --transport streamable-http

If MCP_ENABLE_OAUTH21 is not set to true, the server will use legacy authentication, which is suitable for clients that do not support OAuth 2.1.

🔐 How the FastMCP GoogleProvider handles OAuth _{^{← Advanced OAuth 2.1 details}}

FastMCP ships a native GoogleProvider that we now rely on directly. It solves the two tricky parts of using Google OAuth with MCP clients:

Dynamic Client Registration: Google still doesn't support OAuth 2.1 DCR, but the FastMCP provider exposes the full DCR surface and forwards registrations to Google using your fixed credentials. MCP clients register as usual and the provider hands them your Google client ID/secret under the hood.
CORS & Browser Compatibility: The provider includes an OAuth proxy that serves all discovery, authorization, and token endpoints with proper CORS headers. We no longer maintain custom /oauth2/* routes—the provider handles the upstream exchanges securely and advertises the correct metadata to clients.

The result is a leaner server that still enables any OAuth 2.1 compliant client (including browser-based ones) to authenticate through Google without bespoke code.

Stateless Mode (Container-Friendly)

The server supports a stateless mode designed for containerized environments where file system writes should be avoided:

Enabling Stateless Mode:

# Stateless mode requires OAuth 2.1 to be enabled
export MCP_ENABLE_OAUTH21=true
export WORKSPACE_MCP_STATELESS_MODE=true
uv run main.py --transport streamable-http

Key Features:

No file system writes: Credentials are never written to disk
No debug logs: File-based logging is completely disabled
Memory-only sessions: All tokens stored in memory via OAuth 2.1 session store
Container-ready: Perfect for Docker, Kubernetes, and serverless deployments
Token per request: Each request must include a valid Bearer token

Requirements:

Must be used with MCP_ENABLE_OAUTH21=true
Incompatible with single-user mode
Clients must handle OAuth flow and send valid tokens with each request

This mode is ideal for:

Cloud deployments where persistent storage is unavailable
Multi-tenant environments requiring strict isolation
Containerized applications with read-only filesystems
Serverless functions and ephemeral compute environments

MCP Inspector: No additional configuration needed with desktop OAuth client.

Claude Code: No additional configuration needed with desktop OAuth client.

OAuth Proxy Storage Backends

The server supports pluggable storage backends for OAuth proxy state management via FastMCP 2.13.0+. Choose a backend based on your deployment needs.

Available Backends:

Backend	Best For	Persistence	Multi-Server
Memory	Development, testing	❌	❌
Disk	Single-server production	✅	❌
Valkey/Redis	Distributed production	✅	✅

Configuration:

# Memory storage (fast, no persistence)
export WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=memory

# Disk storage (persists across restarts)
export WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=disk
export WORKSPACE_MCP_OAUTH_PROXY_DISK_DIRECTORY=~/.fastmcp/oauth-proxy

# Valkey/Redis storage (distributed, multi-server)
export WORKSPACE_MCP_OAUTH_PROXY_STORAGE_BACKEND=valkey
export WORKSPACE_MCP_OAUTH_PROXY_VALKEY_HOST=redis.example.com
export WORKSPACE_MCP_OAUTH_PROXY_VALKEY_PORT=6379

Disk support requires workspace-mcp[disk] (or py-key-value-aio[disk]) when installing from source. The official Docker image includes the disk extra by default. Valkey support is optional. Install workspace-mcp[valkey] (or py-key-value-aio[valkey]) only if you enable the Valkey backend. Windows: building valkey-glide from source requires MSVC C++ build tools with C11 support. If you see aws-lc-sys C11 errors, set CFLAGS=/std:c11.

🔐 Valkey/Redis Configuration Options

Variable	Default	Description
`WORKSPACE_MCP_OAUTH_PROXY_VALKEY_HOST`	localhost	Valkey/Redis host
`WORKSPACE_MCP_OAUTH_PROXY_VALKEY_PORT`	6379	Port (6380 auto-enables TLS)
`WORKSPACE_MCP_OAUTH_PROXY_VALKEY_DB`	0	Database number
`WORKSPACE_MCP_OAUTH_PROXY_VALKEY_USE_TLS`	auto	Enable TLS (auto if port 6380)
`WORKSPACE_MCP_OAUTH_PROXY_VALKEY_USERNAME`	-	Authentication username
`WORKSPACE_MCP_OAUTH_PROXY_VALKEY_PASSWORD`	-	Authentication password
`WORKSPACE_MCP_OAUTH_PROXY_VALKEY_REQUEST_TIMEOUT_MS`	5000	Request timeout for remote hosts
`WORKSPACE_MCP_OAUTH_PROXY_VALKEY_CONNECTION_TIMEOUT_MS`	10000	Connection timeout for remote hosts

Encryption: Disk and Valkey storage are encrypted with Fernet. The encryption key is derived from FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY if set, otherwise from GOOGLE_OAUTH_CLIENT_SECRET.

External OAuth 2.1 Provider Mode

The server supports an external OAuth 2.1 provider mode for scenarios where authentication is handled by an external system. In this mode, the MCP server does not manage the OAuth flow itself but expects valid bearer tokens in the Authorization header of tool calls.

Enabling External OAuth 2.1 Provider Mode:

# External OAuth provider mode requires OAuth 2.1 to be enabled
export MCP_ENABLE_OAUTH21=true
export EXTERNAL_OAUTH21_PROVIDER=true
uv run main.py --transport streamable-http

How It Works:

Protocol-level auth enabled: All MCP requests (including initialize and tools/list) require a valid Bearer token, following the standard OAuth 2.1 flow. Unauthenticated requests receive a 401 with resource metadata pointing to Google's authorization server.
External OAuth flow: Your external system handles the OAuth flow and obtains Google access tokens (ya29.*)
Token validation: Server validates bearer tokens by calling Google's userinfo API
Multi-user support: Each request is authenticated independently based on its bearer token
Resource metadata discovery: The server serves /.well-known/oauth-protected-resource (RFC 9728) advertising Google as the authorization server and the required scopes

Key Features:

No local OAuth flow: Server does not provide /authorize, /token, or /register endpoints — only resource metadata
Bearer token only: All authentication via Authorization: Bearer <token> headers
Stateless by design: Works seamlessly with WORKSPACE_MCP_STATELESS_MODE=true
External identity providers: Integrate with your existing authentication infrastructure

Requirements:

Must be used with MCP_ENABLE_OAUTH21=true
OAuth credentials still required for token validation (GOOGLE_OAUTH_CLIENT_ID, GOOGLE_OAUTH_CLIENT_SECRET)
External system must obtain valid Google OAuth access tokens (ya29.*)
Each tool call request must include valid bearer token

Use Cases:

Integrating with existing authentication systems
Custom OAuth flows managed by your application
API gateways that handle authentication upstream
Multi-tenant SaaS applications with centralized auth
Mobile or web apps with thei

More MCP Servers

MCP Servers

Playwright MCP

Official Microsoft Playwright MCP server — give Claude full browser automation: navigate pages, click elements, fill forms, take screenshots, and scrape content.

playwrightbrowserautomation+3

by Microsoft

GitHub

MCP Servers

Container Use (Dagger)

Official Dagger MCP server — give Claude isolated container environments per task. Each agent gets its own container with configurable tools, filesystem, and network access.

daggercontainersdocker+4

by Dagger

GitHub

MCP Servers

E2B Code Sandbox MCP

Official E2B MCP server — execute arbitrary code in secure cloud sandboxes, run scripts in isolated environments, and get output back in Claude without local execution risks.

e2bsandboxcode-execution+4

by E2B

GitHub

Google Workspace MCP

Google Workspace MCP Server

Support for all free Google accounts (Gmail, Docs, Drive etc) & Google Workspace plans (Starter, Standard, Plus, Enterprise, Non Profit) with expanded app options like Chat & Spaces. Interested in a private, managed cloud instance? That can be arranged.

Overview

Features

Quick Start

One-Click Claude Desktop Install

Prerequisites

Configuration

Google Custom Search Setup

Start the Server

CLI

Tool Tiers

Available Tiers

Important Notes

Usage Examples

📋 Credential Configuration

🧰 Available Tools

📅 Google Calendar calendar_tools.py

📁 Google Drive drive_tools.py

📧 Gmail gmail_tools.py

📝 Google Docs docs_tools.py

📊 Google Sheets sheets_tools.py

🖼️ Google Slides slides_tools.py

📋 Google Forms forms_tools.py

✓ Google Tasks tasks_tools.py

👤 Google Contacts contacts_tools.py

💬 Google Chat chat_tools.py

🔍 Google Custom Search search_tools.py

⚡ Google Apps Script apps_script_tools.py

Connect to Claude Desktop

Stdio Mode (Legacy - For Clients with Incomplete MCP Support)

Connect to LM Studio

2. Advanced / Cross-Platform Installation

Instant CLI (uvx)

Local Development Setup

OAuth 2.1 Support (Multi-User Bearer Token Authentication)

Stateless Mode (Container-Friendly)

OAuth Proxy Storage Backends

External OAuth 2.1 Provider Mode

More MCP Servers

Playwright MCP

Container Use (Dagger)

E2B Code Sandbox MCP

Command Palette

Support for all free Google accounts (Gmail, Docs, Drive etc) & Google Workspace plans (Starter, Standard, Plus, Enterprise, Non Profit) with expanded app options like Chat & Spaces.

Interested in a private, managed cloud instance? That can be arranged.

📅 Google Calendar _{calendar_tools.py}

📁 Google Drive _{drive_tools.py}

📧 Gmail _{gmail_tools.py}

📝 Google Docs _{docs_tools.py}

📊 Google Sheets _{sheets_tools.py}

🖼️ Google Slides _{slides_tools.py}

📋 Google Forms _{forms_tools.py}

✓ Google Tasks _{tasks_tools.py}

👤 Google Contacts _{contacts_tools.py}

💬 Google Chat _{chat_tools.py}

🔍 Google Custom Search _{search_tools.py}

⚡ Google Apps Script _{apps_script_tools.py}