@piotr-agier/google-drive-mcp 1.7.6 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +122 -0
  2. package/dist/index.js +435 -144
  3. package/dist/index.js.map +4 -4
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -347,6 +347,46 @@ Add the server to your Claude Desktop configuration:
347
347
 
348
348
  **Note**: Replace `/path/to/your/gcp-oauth.keys.json` with the actual path to your OAuth credentials file.
349
349
 
350
+ ## Streamable HTTP Transport
351
+
352
+ By default the server uses stdio transport (for local MCP clients like Claude Desktop). You can also run it as an HTTP server using the Streamable HTTP transport, which enables remote/hosted deployments and shared gateways.
353
+
354
+ ### Starting in HTTP mode
355
+
356
+ ```bash
357
+ google-drive-mcp start --transport http --port 3100 --host 127.0.0.1
358
+ ```
359
+
360
+ Or with environment variables:
361
+
362
+ ```bash
363
+ MCP_TRANSPORT=http MCP_HTTP_PORT=3100 MCP_HTTP_HOST=127.0.0.1 google-drive-mcp start
364
+ ```
365
+
366
+ CLI flags take priority over environment variables.
367
+
368
+ | CLI Flag | Env Var | Default | Description |
369
+ |----------|---------|---------|-------------|
370
+ | `--transport` | `MCP_TRANSPORT` | `stdio` | `stdio` or `http` |
371
+ | `--port` | `MCP_HTTP_PORT` | `3100` | HTTP listen port |
372
+ | `--host` | `MCP_HTTP_HOST` | `127.0.0.1` | HTTP bind address |
373
+
374
+ The HTTP endpoint is `POST /mcp` for JSON-RPC requests, `GET /mcp` for SSE streaming, and `DELETE /mcp` to close a session. After the initial `initialize` request, all subsequent requests must include the `mcp-session-id` header returned in the initialize response.
375
+
376
+ When binding to `127.0.0.1` (default), DNS rebinding protection is automatically enabled. For remote deployments (`0.0.0.0`), use service account or external token authentication and ensure the endpoint is behind a reverse proxy with TLS. **Without authentication and TLS, anyone who can reach the port gets full access to the configured Google Drive account.**
377
+
378
+ ### MCP client configuration (HTTP)
379
+
380
+ ```json
381
+ {
382
+ "mcpServers": {
383
+ "google-drive": {
384
+ "url": "http://localhost:3100/mcp"
385
+ }
386
+ }
387
+ }
388
+ ```
389
+
350
390
  ## Available Tools
351
391
 
352
392
  ### Search and Navigation
@@ -898,6 +938,78 @@ Add the server to your Claude Desktop configuration:
898
938
  - `calendarId`: Calendar ID (optional, default: primary)
899
939
  - `sendUpdates`: Send cancellation notifications (optional, default: none)
900
940
 
941
+ ## External Authentication
942
+
943
+ For hosted, containerized, or CI/CD deployments where a browser-based OAuth flow is not available, the server supports two alternative authentication modes. They are checked in priority order before falling back to the default local OAuth flow.
944
+
945
+ ### 1. Service Account Mode
946
+
947
+ Set the standard `GOOGLE_APPLICATION_CREDENTIALS` environment variable to point to a service account JSON key file. Best for server-to-server, CI/CD, and container deployments.
948
+
949
+ ```json
950
+ {
951
+ "mcpServers": {
952
+ "google-drive": {
953
+ "command": "npx",
954
+ "args": ["@piotr-agier/google-drive-mcp"],
955
+ "env": {
956
+ "GOOGLE_APPLICATION_CREDENTIALS": "/path/to/service-account-key.json"
957
+ }
958
+ }
959
+ }
960
+ }
961
+ ```
962
+
963
+ **Note:** The service account must have access to the Google Drive files/folders you want to work with. For Shared Drives, grant the service account's email address the appropriate permissions.
964
+
965
+ ### 2. External OAuth Token Mode
966
+
967
+ Provide a pre-obtained OAuth access token via `GOOGLE_DRIVE_MCP_ACCESS_TOKEN`. This is useful when an external service handles the OAuth flow (e.g., a web app that obtains tokens on behalf of the user).
968
+
969
+ **Access token only** (no auto-refresh — token will eventually expire):
970
+ ```json
971
+ {
972
+ "mcpServers": {
973
+ "google-drive": {
974
+ "command": "npx",
975
+ "args": ["@piotr-agier/google-drive-mcp"],
976
+ "env": {
977
+ "GOOGLE_DRIVE_MCP_ACCESS_TOKEN": "ya29.a0AfH6SM..."
978
+ }
979
+ }
980
+ }
981
+ }
982
+ ```
983
+
984
+ **With refresh token** (recommended — enables automatic token refresh):
985
+ ```json
986
+ {
987
+ "mcpServers": {
988
+ "google-drive": {
989
+ "command": "npx",
990
+ "args": ["@piotr-agier/google-drive-mcp"],
991
+ "env": {
992
+ "GOOGLE_DRIVE_MCP_ACCESS_TOKEN": "ya29.a0AfH6SM...",
993
+ "GOOGLE_DRIVE_MCP_REFRESH_TOKEN": "1//0dx...",
994
+ "GOOGLE_DRIVE_MCP_CLIENT_ID": "123456789.apps.googleusercontent.com",
995
+ "GOOGLE_DRIVE_MCP_CLIENT_SECRET": "GOCSPX-..."
996
+ }
997
+ }
998
+ }
999
+ }
1000
+ ```
1001
+
1002
+ | Variable | Required | Description |
1003
+ |---|---|---|
1004
+ | `GOOGLE_DRIVE_MCP_ACCESS_TOKEN` | Yes (activates mode) | Google OAuth access token |
1005
+ | `GOOGLE_DRIVE_MCP_REFRESH_TOKEN` | No | Refresh token for auto-refresh |
1006
+ | `GOOGLE_DRIVE_MCP_CLIENT_ID` | Required with refresh token | OAuth client ID |
1007
+ | `GOOGLE_DRIVE_MCP_CLIENT_SECRET` | Required with refresh token | OAuth client secret |
1008
+
1009
+ ### 3. Local OAuth Flow (Default)
1010
+
1011
+ If neither of the above modes is configured, the server uses the existing browser-based OAuth flow. See below for details.
1012
+
901
1013
  ## Authentication Flow
902
1014
 
903
1015
  The server uses OAuth 2.0 for secure authentication:
@@ -1139,6 +1251,7 @@ google-drive-mcp/
1139
1251
  │ ├── auth.ts # Main authentication module
1140
1252
  │ ├── auth/ # Authentication components
1141
1253
  │ │ ├── client.ts # OAuth2 client setup
1254
+ │ │ ├── externalAuth.ts # Service account & external token auth
1142
1255
  │ │ ├── server.ts # Local auth server
1143
1256
  │ │ ├── tokenManager.ts # Token storage and validation
1144
1257
  │ │ └── utils.ts # Auth utilities
@@ -1198,6 +1311,15 @@ npm run typecheck # Type checking without compilation
1198
1311
  | `GOOGLE_DRIVE_MCP_TOKEN_PATH` | Override token storage location | `~/.config/google-drive-mcp/tokens.json` | `/custom/path/tokens.json` |
1199
1312
  | `DEBUG` | Enable debug logging | (disabled) | `google-drive-mcp:*` |
1200
1313
 
1314
+ **External Authentication** (alternative to local OAuth flow):
1315
+ | Variable | Description | Example |
1316
+ |----------|-------------|---------|
1317
+ | `GOOGLE_APPLICATION_CREDENTIALS` | Path to service account JSON key file | `/path/to/service-account.json` |
1318
+ | `GOOGLE_DRIVE_MCP_ACCESS_TOKEN` | Pre-obtained OAuth access token | `ya29.a0AfH6SM...` |
1319
+ | `GOOGLE_DRIVE_MCP_REFRESH_TOKEN` | Refresh token for auto-refresh (optional) | `1//0dx...` |
1320
+ | `GOOGLE_DRIVE_MCP_CLIENT_ID` | OAuth client ID (required with refresh token) | `123456789.apps.googleusercontent.com` |
1321
+ | `GOOGLE_DRIVE_MCP_CLIENT_SECRET` | OAuth client secret (required with refresh token) | `GOCSPX-...` |
1322
+
1201
1323
  #### System Variables (used by the codebase if present)
1202
1324
 
1203
1325
  These are standard system environment variables that the application reads but you typically don't need to set: