workspace-mcp 1.0.2__tar.gz → 1.0.4__tar.gz

{workspace_mcp-1.0.2 → workspace_mcp-1.0.4}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: workspace-mcp
-Version: 1.0.2
+Version: 1.0.4
 Summary: Comprehensive, highly performant Google Workspace Streamable HTTP & SSE MCP Server for Calendar, Gmail, Docs, Sheets, Slides & Drive
 Author-email: Taylor Wilsdon <taylor@taylorwilsdon.com>
 License: MIT
@@ -76,6 +76,14 @@ Dynamic: license-file
 
 ---
 
+### A quick plug for AI-Enhanced Docs
+
+> **This README was crafted with AI assistance, and here's why that matters**
+> 
+> As a solo developer building open source tools that may only ever serve my own needs, comprehensive documentation often wouldn't happen without AI help. Using agentic dev tools like **Roo** & **Claude Code** that understand the entire codebase, AI doesn't just regurgitate generic content - it extracts real implementation details and creates accurate, specific documentation.
+>
+> In this case, Sonnet 4 took a pass & a human (me) verified them 6/28/25.
+
 
 ## 🌐 Overview
 
@@ -87,9 +95,9 @@ A production-ready MCP server that integrates all major Google Workspace service
 - **📅 Google Calendar**: Full calendar management with event CRUD operations
 - **📁 Google Drive**: File operations with native Microsoft Office format support (.docx, .xlsx)
 - **📧 Gmail**: Complete email management with search, send, and draft capabilities
-- **📄 Google Docs**: Document operations including content extraction and creation
-- **📊 Google Sheets**: Comprehensive spreadsheet management with flexible cell operations
-- **🖼️ Google Slides**: Presentation management with slide creation, updates, and content manipulation
+- **📄 Google Docs**: Document operations including content extraction, creation, and comment management
+- **📊 Google Sheets**: Comprehensive spreadsheet management with flexible cell operations and comment management
+- **🖼️ Google Slides**: Presentation management with slide creation, updates, content manipulation, and comment management
 - **📝 Google Forms**: Form creation, retrieval, publish settings, and response management
 - **💬 Google Chat**: Space management and messaging capabilities
 - **🔄 Multiple Transports**: HTTP with SSE fallback, OpenAPI compatibility via `mcpo`
@@ -102,9 +110,13 @@ A production-ready MCP server that integrates all major Google Workspace service
 
 ### Simplest Start (uvx - Recommended)
 
-Run instantly without installation:
+> Run instantly without manual installation - you must configure OAuth credentials when using uvx. You can use either environment variables (recommended for production) or set the `GOOGLE_CLIENT_SECRET_PATH` (or legacy `GOOGLE_CLIENT_SECRETS`) environment variable to point to your `client_secret.json` file.
 
 ```bash
+# Set OAuth credentials via environment variables (recommended)
+export GOOGLE_OAUTH_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+export GOOGLE_OAUTH_CLIENT_SECRET="your-client-secret"
+
 # Start the server with all Google Workspace tools
 uvx workspace-mcp
 
@@ -138,19 +150,43 @@ uv run main.py
 1. **Google Cloud Setup**:
    - Create OAuth 2.0 credentials (web application) in [Google Cloud Console](https://console.cloud.google.com/)
    - Enable APIs: Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Chat
-   - Download credentials as `client_secret.json` in project root
-     - To use a different location for `client_secret.json`, you can set the `GOOGLE_CLIENT_SECRETS` environment variable with that path
    - Add redirect URI: `http://localhost:8000/oauth2callback`
+   - Configure credentials using one of these methods:
+
+     **Option A: Environment Variables (Recommended for Production)**
+     ```bash
+     export GOOGLE_OAUTH_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+     export GOOGLE_OAUTH_CLIENT_SECRET="your-client-secret"
+     export GOOGLE_OAUTH_REDIRECT_URI="http://localhost:8000/oauth2callback"  # Optional
+     ```
+
+     **Option B: File-based (Traditional)**
+     - Download credentials as `client_secret.json` in project root
+     - To use a different location, set `GOOGLE_CLIENT_SECRET_PATH` (or legacy `GOOGLE_CLIENT_SECRETS`) environment variable with the file path
+
+   **Credential Loading Priority**:
+   1. Environment variables (`GOOGLE_OAUTH_CLIENT_ID`, `GOOGLE_OAUTH_CLIENT_SECRET`)
+   2. File specified by `GOOGLE_CLIENT_SECRET_PATH` or `GOOGLE_CLIENT_SECRETS` environment variable
+   3. Default file (`client_secret.json` in project root)
+
+   **Why Environment Variables?**
+   - ✅ Containerized deployments (Docker, Kubernetes)
+   - ✅ Cloud platforms (Heroku, Railway, etc.)
+   - ✅ CI/CD pipelines
+   - ✅ No secrets in version control
+   - ✅ Easy credential rotation
 
 2. **Environment**:
    ```bash
    export OAUTHLIB_INSECURE_TRANSPORT=1  # Development only
+   export USER_GOOGLE_EMAIL=your.email@gmail.com  # Optional: Default email for auth - use this for single user setups and you won't need to set your email in system prompt for magic auth
    ```
 
 3. **Server Configuration**:
    The server's base URL and port can be customized using environment variables:
    - `WORKSPACE_MCP_BASE_URI`: Sets the base URI for the server (default: http://localhost). This affects the server_url used for Gemini native function calling and the OAUTH_REDIRECT_URI.
    - `WORKSPACE_MCP_PORT`: Sets the port the server listens on (default: 8000). This affects the server_url, port, and OAUTH_REDIRECT_URI.
+   - `USER_GOOGLE_EMAIL`: Optional default email for authentication flows. If set, the LLM won't need to specify your email when calling `start_google_auth`.
 
 ### Start the Server
 
@@ -198,7 +234,11 @@ python install_claude.py
   "mcpServers": {
     "google_workspace": {
       "command": "uvx",
-      "args": ["workspace-mcp"]
+      "args": ["workspace-mcp"],
+      "env": {
+        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_OAUTH_CLIENT_SECRET": "your-client-secret"
+      }
     }
   }
 }
@@ -211,7 +251,11 @@ python install_claude.py
     "google_workspace": {
       "command": "uv",
       "args": ["run", "main.py"],
-      "cwd": "/path/to/google_workspace_mcp"
+      "cwd": "/path/to/google_workspace_mcp",
+      "env": {
+        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_OAUTH_CLIENT_SECRET": "your-client-secret"
+      }
     }
   }
 }
@@ -259,7 +303,8 @@ When calling a tool:
 |------|-------------|
 | `list_calendars` | List accessible calendars |
 | `get_events` | Retrieve events with time range filtering |
-| `create_event` | Create events (all-day or timed) |
+| `get_event` | Fetch detailed information of a single event by ID |
+| `create_event` | Create events (all-day or timed) with optional Drive file attachments |
 | `modify_event` | Update existing events |
 | `delete_event` | Remove events |
 
@@ -270,7 +315,7 @@ When calling a tool:
 | `search_drive_files` | Search files with query syntax |
 | `get_drive_file_content` | Read file content (supports Office formats) |
 | `list_drive_items` | List folder contents |
-| `create_drive_file` | Create new files |
+| `create_drive_file` | Create new files or fetch content from public URLs |
 
 ### 📧 Gmail ([`gmail_tools.py`](gmail/gmail_tools.py))
 
@@ -289,6 +334,10 @@ When calling a tool:
 | `get_doc_content` | Extract document text |
 | `list_docs_in_folder` | List docs in folder |
 | `create_doc` | Create new documents |
+| `read_doc_comments` | Read all comments and replies |
+| `create_doc_comment` | Create new comments |
+| `reply_to_comment` | Reply to existing comments |
+| `resolve_comment` | Resolve comments |
 
 ### 📊 Google Sheets ([`sheets_tools.py`](gsheets/sheets_tools.py))
 
@@ -300,6 +349,24 @@ When calling a tool:
 | `modify_sheet_values` | Write/update/clear cells |
 | `create_spreadsheet` | Create new spreadsheets |
 | `create_sheet` | Add sheets to existing files |
+| `read_sheet_comments` | Read all comments and replies |
+| `create_sheet_comment` | Create new comments |
+| `reply_to_sheet_comment` | Reply to existing comments |
+| `resolve_sheet_comment` | Resolve comments |
+
+### 🖼️ Google Slides ([`slides_tools.py`](gslides/slides_tools.py))
+
+| Tool | Description |
+|------|-------------|
+| `create_presentation` | Create new presentations |
+| `get_presentation` | Retrieve presentation details |
+| `batch_update_presentation` | Apply multiple updates at once |
+| `get_page` | Get specific slide information |
+| `get_page_thumbnail` | Generate slide thumbnails |
+| `read_presentation_comments` | Read all comments and replies |
+| `create_presentation_comment` | Create new comments |
+| `reply_to_presentation_comment` | Reply to existing comments |
+| `resolve_presentation_comment` | Resolve comments |
 
 ### 📝 Google Forms ([`forms_tools.py`](gforms/forms_tools.py))
 

{workspace_mcp-1.0.2 → workspace_mcp-1.0.4}/README.md

@@ -34,6 +34,14 @@
 
 ---
 
+### A quick plug for AI-Enhanced Docs
+
+> **This README was crafted with AI assistance, and here's why that matters**
+> 
+> As a solo developer building open source tools that may only ever serve my own needs, comprehensive documentation often wouldn't happen without AI help. Using agentic dev tools like **Roo** & **Claude Code** that understand the entire codebase, AI doesn't just regurgitate generic content - it extracts real implementation details and creates accurate, specific documentation.
+>
+> In this case, Sonnet 4 took a pass & a human (me) verified them 6/28/25.
+
 
 ## 🌐 Overview
 
@@ -45,9 +53,9 @@ A production-ready MCP server that integrates all major Google Workspace service
 - **📅 Google Calendar**: Full calendar management with event CRUD operations
 - **📁 Google Drive**: File operations with native Microsoft Office format support (.docx, .xlsx)
 - **📧 Gmail**: Complete email management with search, send, and draft capabilities
-- **📄 Google Docs**: Document operations including content extraction and creation
-- **📊 Google Sheets**: Comprehensive spreadsheet management with flexible cell operations
-- **🖼️ Google Slides**: Presentation management with slide creation, updates, and content manipulation
+- **📄 Google Docs**: Document operations including content extraction, creation, and comment management
+- **📊 Google Sheets**: Comprehensive spreadsheet management with flexible cell operations and comment management
+- **🖼️ Google Slides**: Presentation management with slide creation, updates, content manipulation, and comment management
 - **📝 Google Forms**: Form creation, retrieval, publish settings, and response management
 - **💬 Google Chat**: Space management and messaging capabilities
 - **🔄 Multiple Transports**: HTTP with SSE fallback, OpenAPI compatibility via `mcpo`
@@ -60,9 +68,13 @@ A production-ready MCP server that integrates all major Google Workspace service
 
 ### Simplest Start (uvx - Recommended)
 
-Run instantly without installation:
+> Run instantly without manual installation - you must configure OAuth credentials when using uvx. You can use either environment variables (recommended for production) or set the `GOOGLE_CLIENT_SECRET_PATH` (or legacy `GOOGLE_CLIENT_SECRETS`) environment variable to point to your `client_secret.json` file.
 
 ```bash
+# Set OAuth credentials via environment variables (recommended)
+export GOOGLE_OAUTH_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+export GOOGLE_OAUTH_CLIENT_SECRET="your-client-secret"
+
 # Start the server with all Google Workspace tools
 uvx workspace-mcp
 
@@ -96,19 +108,43 @@ uv run main.py
 1. **Google Cloud Setup**:
    - Create OAuth 2.0 credentials (web application) in [Google Cloud Console](https://console.cloud.google.com/)
    - Enable APIs: Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Chat
-   - Download credentials as `client_secret.json` in project root
-     - To use a different location for `client_secret.json`, you can set the `GOOGLE_CLIENT_SECRETS` environment variable with that path
    - Add redirect URI: `http://localhost:8000/oauth2callback`
+   - Configure credentials using one of these methods:
+
+     **Option A: Environment Variables (Recommended for Production)**
+     ```bash
+     export GOOGLE_OAUTH_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+     export GOOGLE_OAUTH_CLIENT_SECRET="your-client-secret"
+     export GOOGLE_OAUTH_REDIRECT_URI="http://localhost:8000/oauth2callback"  # Optional
+     ```
+
+     **Option B: File-based (Traditional)**
+     - Download credentials as `client_secret.json` in project root
+     - To use a different location, set `GOOGLE_CLIENT_SECRET_PATH` (or legacy `GOOGLE_CLIENT_SECRETS`) environment variable with the file path
+
+   **Credential Loading Priority**:
+   1. Environment variables (`GOOGLE_OAUTH_CLIENT_ID`, `GOOGLE_OAUTH_CLIENT_SECRET`)
+   2. File specified by `GOOGLE_CLIENT_SECRET_PATH` or `GOOGLE_CLIENT_SECRETS` environment variable
+   3. Default file (`client_secret.json` in project root)
+
+   **Why Environment Variables?**
+   - ✅ Containerized deployments (Docker, Kubernetes)
+   - ✅ Cloud platforms (Heroku, Railway, etc.)
+   - ✅ CI/CD pipelines
+   - ✅ No secrets in version control
+   - ✅ Easy credential rotation
 
 2. **Environment**:
    ```bash
    export OAUTHLIB_INSECURE_TRANSPORT=1  # Development only
+   export USER_GOOGLE_EMAIL=your.email@gmail.com  # Optional: Default email for auth - use this for single user setups and you won't need to set your email in system prompt for magic auth
    ```
 
 3. **Server Configuration**:
    The server's base URL and port can be customized using environment variables:
    - `WORKSPACE_MCP_BASE_URI`: Sets the base URI for the server (default: http://localhost). This affects the server_url used for Gemini native function calling and the OAUTH_REDIRECT_URI.
    - `WORKSPACE_MCP_PORT`: Sets the port the server listens on (default: 8000). This affects the server_url, port, and OAUTH_REDIRECT_URI.
+   - `USER_GOOGLE_EMAIL`: Optional default email for authentication flows. If set, the LLM won't need to specify your email when calling `start_google_auth`.
 
 ### Start the Server
 
@@ -156,7 +192,11 @@ python install_claude.py
   "mcpServers": {
     "google_workspace": {
       "command": "uvx",
-      "args": ["workspace-mcp"]
+      "args": ["workspace-mcp"],
+      "env": {
+        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_OAUTH_CLIENT_SECRET": "your-client-secret"
+      }
     }
   }
 }
@@ -169,7 +209,11 @@ python install_claude.py
     "google_workspace": {
       "command": "uv",
       "args": ["run", "main.py"],
-      "cwd": "/path/to/google_workspace_mcp"
+      "cwd": "/path/to/google_workspace_mcp",
+      "env": {
+        "GOOGLE_OAUTH_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_OAUTH_CLIENT_SECRET": "your-client-secret"
+      }
     }
   }
 }
@@ -217,7 +261,8 @@ When calling a tool:
 |------|-------------|
 | `list_calendars` | List accessible calendars |
 | `get_events` | Retrieve events with time range filtering |
-| `create_event` | Create events (all-day or timed) |
+| `get_event` | Fetch detailed information of a single event by ID |
+| `create_event` | Create events (all-day or timed) with optional Drive file attachments |
 | `modify_event` | Update existing events |
 | `delete_event` | Remove events |
 
@@ -228,7 +273,7 @@ When calling a tool:
 | `search_drive_files` | Search files with query syntax |
 | `get_drive_file_content` | Read file content (supports Office formats) |
 | `list_drive_items` | List folder contents |
-| `create_drive_file` | Create new files |
+| `create_drive_file` | Create new files or fetch content from public URLs |
 
 ### 📧 Gmail ([`gmail_tools.py`](gmail/gmail_tools.py))
 
@@ -247,6 +292,10 @@ When calling a tool:
 | `get_doc_content` | Extract document text |
 | `list_docs_in_folder` | List docs in folder |
 | `create_doc` | Create new documents |
+| `read_doc_comments` | Read all comments and replies |
+| `create_doc_comment` | Create new comments |
+| `reply_to_comment` | Reply to existing comments |
+| `resolve_comment` | Resolve comments |
 
 ### 📊 Google Sheets ([`sheets_tools.py`](gsheets/sheets_tools.py))
 
@@ -258,6 +307,24 @@ When calling a tool:
 | `modify_sheet_values` | Write/update/clear cells |
 | `create_spreadsheet` | Create new spreadsheets |
 | `create_sheet` | Add sheets to existing files |
+| `read_sheet_comments` | Read all comments and replies |
+| `create_sheet_comment` | Create new comments |
+| `reply_to_sheet_comment` | Reply to existing comments |
+| `resolve_sheet_comment` | Resolve comments |
+
+### 🖼️ Google Slides ([`slides_tools.py`](gslides/slides_tools.py))
+
+| Tool | Description |
+|------|-------------|
+| `create_presentation` | Create new presentations |
+| `get_presentation` | Retrieve presentation details |
+| `batch_update_presentation` | Apply multiple updates at once |
+| `get_page` | Get specific slide information |
+| `get_page_thumbnail` | Generate slide thumbnails |
+| `read_presentation_comments` | Read all comments and replies |
+| `create_presentation_comment` | Create new comments |
+| `reply_to_presentation_comment` | Reply to existing comments |
+| `resolve_presentation_comment` | Resolve comments |
 
 ### 📝 Google Forms ([`forms_tools.py`](gforms/forms_tools.py))
 

{workspace_mcp-1.0.2 → workspace_mcp-1.0.4}/auth/google_auth.py

@@ -27,7 +27,7 @@ DEFAULT_CREDENTIALS_DIR = ".credentials"
 # This should be more robust in a production system once OAuth2.1 is implemented in client.
 _SESSION_CREDENTIALS_CACHE: Dict[str, Credentials] = {}
 # Centralized Client Secrets Path Logic
-_client_secrets_env = os.getenv("GOOGLE_CLIENT_SECRETS")
+_client_secrets_env = os.getenv("GOOGLE_CLIENT_SECRET_PATH") or os.getenv("GOOGLE_CLIENT_SECRETS")
 if _client_secrets_env:
     CONFIG_CLIENT_SECRETS_PATH = _client_secrets_env
 else:
@@ -151,22 +151,128 @@ def load_credentials_from_session(session_id: str) -> Optional[Credentials]:
         logger.debug(f"No credentials found in session cache for session_id: {session_id}")
     return credentials
 
+def load_client_secrets_from_env() -> Optional[Dict[str, Any]]:
+    """
+    Loads the client secrets from environment variables.
+
+    Environment variables used:
+        - GOOGLE_OAUTH_CLIENT_ID: OAuth 2.0 client ID
+        - GOOGLE_OAUTH_CLIENT_SECRET: OAuth 2.0 client secret
+        - GOOGLE_OAUTH_REDIRECT_URI: (optional) OAuth redirect URI
+
+    Returns:
+        Client secrets configuration dict compatible with Google OAuth library,
+        or None if required environment variables are not set.
+    """
+    client_id = os.getenv("GOOGLE_OAUTH_CLIENT_ID")
+    client_secret = os.getenv("GOOGLE_OAUTH_CLIENT_SECRET")
+    redirect_uri = os.getenv("GOOGLE_OAUTH_REDIRECT_URI")
+
+    if client_id and client_secret:
+        # Create config structure that matches Google client secrets format
+        web_config = {
+            "client_id": client_id,
+            "client_secret": client_secret,
+            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+            "token_uri": "https://oauth2.googleapis.com/token",
+            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs"
+        }
+
+        # Add redirect_uri if provided via environment variable
+        if redirect_uri:
+            web_config["redirect_uris"] = [redirect_uri]
+
+        # Return the full config structure expected by Google OAuth library
+        config = {"web": web_config}
+
+        logger.info("Loaded OAuth client credentials from environment variables")
+        return config
+
+    logger.debug("OAuth client credentials not found in environment variables")
+    return None
+
 def load_client_secrets(client_secrets_path: str) -> Dict[str, Any]:
-    """Loads the client secrets file."""
+    """
+    Loads the client secrets from environment variables (preferred) or from the client secrets file.
+
+    Priority order:
+    1. Environment variables (GOOGLE_OAUTH_CLIENT_ID, GOOGLE_OAUTH_CLIENT_SECRET)
+    2. File-based credentials at the specified path
+
+    Args:
+        client_secrets_path: Path to the client secrets JSON file (used as fallback)
+
+    Returns:
+        Client secrets configuration dict
+
+    Raises:
+        ValueError: If client secrets file has invalid format
+        IOError: If file cannot be read and no environment variables are set
+    """
+    # First, try to load from environment variables
+    env_config = load_client_secrets_from_env()
+    if env_config:
+        # Extract the "web" config from the environment structure
+        return env_config["web"]
+
+    # Fall back to loading from file
     try:
         with open(client_secrets_path, 'r') as f:
             client_config = json.load(f)
             # The file usually contains a top-level key like "web" or "installed"
             if "web" in client_config:
+                logger.info(f"Loaded OAuth client credentials from file: {client_secrets_path}")
                 return client_config["web"]
             elif "installed" in client_config:
-                 return client_config["installed"]
+                logger.info(f"Loaded OAuth client credentials from file: {client_secrets_path}")
+                return client_config["installed"]
             else:
                  logger.error(f"Client secrets file {client_secrets_path} has unexpected format.")
                  raise ValueError("Invalid client secrets file format")
     except (IOError, json.JSONDecodeError) as e:
         logger.error(f"Error loading client secrets file {client_secrets_path}: {e}")
         raise
+def check_client_secrets() -> Optional[str]:
+    """
+    Checks for the presence of OAuth client secrets, either as environment
+    variables or as a file.
+
+    Returns:
+        An error message string if secrets are not found, otherwise None.
+    """
+    env_config = load_client_secrets_from_env()
+    if not env_config and not os.path.exists(CONFIG_CLIENT_SECRETS_PATH):
+        logger.error(f"OAuth client credentials not found. No environment variables set and no file at {CONFIG_CLIENT_SECRETS_PATH}")
+        return f"OAuth client credentials not found. Please set GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET environment variables or provide a client secrets file at {CONFIG_CLIENT_SECRETS_PATH}."
+    return None
+
+def create_oauth_flow(scopes: List[str], redirect_uri: str, state: Optional[str] = None) -> Flow:
+    """Creates an OAuth flow using environment variables or client secrets file."""
+    # Try environment variables first
+    env_config = load_client_secrets_from_env()
+    if env_config:
+        # Use client config directly
+        flow = Flow.from_client_config(
+            env_config,
+            scopes=scopes,
+            redirect_uri=redirect_uri,
+            state=state
+        )
+        logger.debug("Created OAuth flow from environment variables")
+        return flow
+
+    # Fall back to file-based config
+    if not os.path.exists(CONFIG_CLIENT_SECRETS_PATH):
+        raise FileNotFoundError(f"OAuth client secrets file not found at {CONFIG_CLIENT_SECRETS_PATH} and no environment variables set")
+
+    flow = Flow.from_client_secrets_file(
+        CONFIG_CLIENT_SECRETS_PATH,
+        scopes=scopes,
+        redirect_uri=redirect_uri,
+        state=state
+    )
+    logger.debug(f"Created OAuth flow from client secrets file: {CONFIG_CLIENT_SECRETS_PATH}")
+    return flow
 
 # --- Core OAuth Logic ---
 
@@ -206,8 +312,7 @@ async def start_auth_flow(
             OAUTH_STATE_TO_SESSION_ID_MAP[oauth_state] = mcp_session_id
             logger.info(f"[start_auth_flow] Stored mcp_session_id '{mcp_session_id}' for oauth_state '{oauth_state}'.")
 
-        flow = Flow.from_client_secrets_file(
-            CONFIG_CLIENT_SECRETS_PATH, # Use module constant
+        flow = create_oauth_flow(
             scopes=SCOPES, # Use global SCOPES
             redirect_uri=redirect_uri, # Use passed redirect_uri
             state=oauth_state
@@ -240,7 +345,7 @@ async def start_auth_flow(
         return "\n".join(message_lines)
 
     except FileNotFoundError as e:
-        error_text = f"OAuth client secrets file not found: {e}. Please ensure '{CONFIG_CLIENT_SECRETS_PATH}' is correctly configured."
+        error_text = f"OAuth client credentials not found: {e}. Please either:\n1. Set environment variables: GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET\n2. Ensure '{CONFIG_CLIENT_SECRETS_PATH}' file exists"
         logger.error(error_text, exc_info=True)
         raise Exception(error_text)
     except Exception as e:
@@ -249,12 +354,12 @@ async def start_auth_flow(
         raise Exception(error_text)
 
 def handle_auth_callback(
-    client_secrets_path: str,
     scopes: List[str],
     authorization_response: str,
-    redirect_uri: str, # Made redirect_uri a required parameter
+    redirect_uri: str,
     credentials_base_dir: str = DEFAULT_CREDENTIALS_DIR,
-    session_id: Optional[str] = None
+    session_id: Optional[str] = None,
+    client_secrets_path: Optional[str] = None  # Deprecated: kept for backward compatibility
 ) -> Tuple[str, Credentials]:
     """
     Handles the callback from Google, exchanges the code for credentials,
@@ -262,12 +367,12 @@ def handle_auth_callback(
     and returns them.
 
     Args:
-        client_secrets_path: Path to the Google client secrets JSON file.
         scopes: List of OAuth scopes requested.
         authorization_response: The full callback URL from Google.
         redirect_uri: The redirect URI.
         credentials_base_dir: Base directory for credential files.
         session_id: Optional MCP session ID to associate with the credentials.
+        client_secrets_path: (Deprecated) Path to client secrets file. Ignored if environment variables are set.
 
     Returns:
         A tuple containing the user_google_email and the obtained Credentials object.
@@ -278,13 +383,16 @@ def handle_auth_callback(
         HttpError: If fetching user info fails.
     """
     try:
+        # Log deprecation warning if old parameter is used
+        if client_secrets_path:
+            logger.warning("The 'client_secrets_path' parameter is deprecated. Use GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET environment variables instead.")
+
         # Allow HTTP for localhost in development
         if 'OAUTHLIB_INSECURE_TRANSPORT' not in os.environ:
             logger.warning("OAUTHLIB_INSECURE_TRANSPORT not set. Setting it for localhost development.")
             os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
 
-        flow = Flow.from_client_secrets_file(
-            client_secrets_path,
+        flow = create_oauth_flow(
             scopes=scopes,
             redirect_uri=redirect_uri
         )

{workspace_mcp-1.0.2 → workspace_mcp-1.0.4}/auth/oauth_callback_server.py

@@ -15,7 +15,7 @@ import socket
 from fastapi import FastAPI, Request
 import uvicorn
 
-from auth.google_auth import handle_auth_callback, CONFIG_CLIENT_SECRETS_PATH
+from auth.google_auth import handle_auth_callback, check_client_secrets
 from auth.scopes import OAUTH_STATE_TO_SESSION_ID_MAP, SCOPES
 from auth.oauth_responses import create_error_response, create_success_response, create_server_error_response
 
@@ -59,6 +59,11 @@ class MinimalOAuthServer:
                 return create_error_response(error_message)
 
             try:
+                # Check if we have credentials available (environment variables or file)
+                error_message = check_client_secrets()
+                if error_message:
+                    return create_server_error_response(error_message)
+
                 logger.info(f"OAuth callback: Received code (state: {state}). Attempting to exchange for tokens.")
 
                 mcp_session_id: Optional[str] = OAUTH_STATE_TO_SESSION_ID_MAP.pop(state, None)
@@ -69,7 +74,6 @@ class MinimalOAuthServer:
 
                 # Exchange code for credentials
                 verified_user_id, credentials = handle_auth_callback(
-                    client_secrets_path=CONFIG_CLIENT_SECRETS_PATH,
                     scopes=SCOPES,
                     authorization_response=str(request.url),
                     redirect_uri=f"{self.base_uri}:{self.port}/oauth2callback",
@@ -106,7 +110,7 @@ class MinimalOAuthServer:
             hostname = parsed_uri.hostname or 'localhost'
         except Exception:
             hostname = 'localhost'
-            
+
         try:
             with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                 s.bind((hostname, self.port))