Back to MCP Servers

Google Workspace

Comprehensive Google Workspace MCP server with full support for Google Calendar, Drive, Gmail, and Docs, Forms, Chats, Slides and Sheets over stdio, Streamable HTTP and SSE transports.

workplace-productivitygoai
By taylorwilsdon
2.8k844Updated 1 week agoPythonMIT

Installation

npx -y google_workspace_mcp

Configuration

{
  "mcpServers": {
    "google_workspace_mcp": {
      "command": "npx",
      "args": ["-y", "google_workspace_mcp"]
    }
  }
}

How to use

  1. Run the installation command above (if needed)
  2. Open your Claude Code settings file (~/.claude/settings.json)
  3. Add the configuration to the mcpServers section
  4. Restart Claude Code to apply changes
<!-- mcp-name: io.github.taylorwilsdon/workspace-mcp --> <div align="center">

<span style="color:#cad8d9">Google Workspace MCP Server</span> <img src="https://github.com/user-attachments/assets/b89524e4-6e6e-49e6-ba77-00d6df0c6e5c" width="80" align="right" />

License: MIT Python 3.10+ PyPI PyPI Downloads Website

Full natural language control over Google Calendar, Drive, Gmail, Docs, Sheets, Slides, Forms, Tasks, Contacts, and Chat through all MCP clients, AI assistants and developer tools.

Includes a full featured CLI & Code Mode for use with tools like Claude Code and Codex!

The most feature-complete Google Workspace MCP server, it can do things that Google's own tooling and the built in integrations with Claude and ChatGPT can't even dream of. With Remote OAuth2.1 multi-user support, fine-grained editing tools and the most extensive coverage of any Google Workspace tool in existance, Workspace MCP is in a different class. Offering native OAuth 2.1, stateless mode and external auth server support, it's also the only Workspace MCP you can host for your whole organization centrally & securely!

Support for all free Google accounts & Google Workspace plans (Starter, Standard, Plus, Enterprise, Non Profit) with expanded app options like Chat & Spaces. <br/><br /> Interested in a private, managed cloud instance? That can be arranged.
</div> <p align="center"> <a href="https://workspacemcp.com/docs"> <img src="https://img.shields.io/badge/Read%20the%20Docs-0969DA?style=for-the-badge&logo=readthedocs&logoColor=white" alt="Read the Docs"> </a><br /><a href="https://workspacemcp.com/quick-start"> <img src="https://img.shields.io/badge/Quick%20Start-2EA44F?style=for-the-badge" alt="Quick Start Guide"> </a> </p> <div align="center"> <a href="https://www.pulsemcp.com/servers/taylorwilsdon-google-workspace"> <img width="375" src="https://github.com/user-attachments/assets/0794ef1a-dc1c-447d-9661-9c704d7acc9d" align="center"/> </a> </div>
<div align="center"> <table> <tr> <td align="center"> <b>⚡ Start</b><br> <sub> <a href="#quick-start">Quick Start</a> · <a href="#prerequisites">Prerequisites</a><br> <a href="#configuration">Google Cloud</a> · <a href="#-credential-configuration">Credentials</a> </sub> </td> <td align="center"> <b>🧰 Tools</b><br> <sub> <a href="#-available-tools">All Tools</a> · <a href="#tool-tiers">Tool Tiers</a><br> <a href="#cli">CLI</a> · <a href="#start-the-server">Start Server</a> </sub> </td> <td align="center"> <b>🔌 Connect</b><br> <sub> <a href="#quick-start--connect-claude-to-google-workspace">Quick Start</a> · <a href="#connect-to-claude-desktop">Claude Desktop</a><br> <a href="#claude-code-mcp-client-support">Claude Code</a> · <a href="#vs-code-mcp-client-support">VS Code</a> · <a href="#connect-to-lm-studio">LM Studio</a> </sub> </td> <td align="center"> <b>🚀 Deploy</b><br> <sub> <a href="#oauth-21-support-multi-user-bearer-token-authentication">OAuth 2.1</a> · <a href="#stateless-mode-container-friendly">Stateless</a><br> <a href="#external-oauth-21-provider-mode">External OAuth</a> · <a href="#reverse-proxy-setup">Reverse Proxy</a> </sub> </td> <td align="center"> <b>📐 Develop</b><br> <sub> <a href="#-development">Architecture</a> · <a href="#local-development-setup">Dev Setup</a><br> <a href="#-security">Security</a> · <a href="#-license">License</a> </sub> </td> </tr> </table> </div>

See it in action:

<div align="center"> <video width="400" src="https://github.com/user-attachments/assets/a342ebb4-1319-4060-a974-39d202329710"></video> </div>

<span style="color:#adbcbc">Overview</span>

Workspace MCP is the single most complete MCP server, the only that integrates all major Google Workspace services with AI assistants and all agent platforms. The entire toolset is available for CLI usage supporting both local and remote instances.

<span style="color:#adbcbc">Features</span>

12 services  —  Gmail · Drive · Calendar · Docs · Sheets · Slides · Forms · Chat · Apps Script · Tasks · Contacts · Search

<table> <tr> <td valign="top" width="50%">

📧 Gmail — Complete email management, end-to-end coverage<br> 📁 Drive — File operations with sharing, permissions, Office files, PDFs & images<br> 📅 Calendar — Full event management with advanced features<br> 📝 Docs — Deep, fine-grained editing, formatting & comments<br> 📊 Sheets — Flexible cell management, formatting & conditional rules<br> 🖼️ Slides — Presentation creation, updates & content manipulation<br> 📋 Forms — Creation, publish settings & response management<br> 💬 Chat — Space management, messaging & reactions

</td> <td valign="top" width="50%">

⚡ Apps Script — Cross-application workflow automation<br> <sub> Projects · deployments · versions · execution · debugging</sub>

✅ Tasks — Task & list management with hierarchy<br> 👤 Contacts — People API with groups & batch operations<br> 🔍 Custom Search — Programmable Search Engine integration


🔐 Authentication & Security<br> <sub>OAuth 2.0 & 2.1 · auto token refresh · multi-user bearer tokens · transport-aware callbacks · CORS proxy</sub>

</td> </tr> </table>

<span style="color:#adbcbc">Security & Compliance</span>

<table> <tr> <td valign="top" width="50%">

For Security Teams

This server sends no data anywhere except Google's APIs, on behalf of the authenticated user, using your own OAuth client credentials. There is no telemetry, no usage reporting, no analytics, no license server, and no SaaS dependency. The entire data path is: your infrastructure → Google APIs.

  • Fully open source — every line is auditable in this repo
  • Your OAuth client, your GCP project — credentials never leave your environment
  • You control the scopes — read-only, granular per-service permissions, or full access
  • You control the network — deploy behind your reverse proxy, in your VPC, on your own terms
  • No third-party services — no intermediary servers, no token relays, no hosted backends
  • Stateless mode — zero disk writes for locked-down container environments
  • Sensitive path blocking — local file reads default to the managed attachment directory, and validate_file_path() still blocks .env* files plus common home-directory credential stores such as ~/.ssh/ and ~/.aws/ even if ALLOWED_FILE_DIRS is broadened

Full dependency tree in pyproject.toml, pinned in uv.lock.

</td> <td valign="top" width="50%">

For Legal & Procurement

This project is MIT licensed — not "open core," not "source available," not "free with a CLA." There is no dual licensing, no commercial tier gating features, and no contributor license agreement.

  • Use commercially without restriction — build products, sell services, deploy internally
  • Fork, embed, redistribute — MIT requires only attribution
  • No CLA — contributions remain under MIT
  • No telemetry to disclose — nothing to flag in a privacy review
  • No network effects — the server never contacts any endpoint you didn't configure
  • Standard dependency licenses — MIT, Apache 2.0, and BSD throughout the dependency chain; no copyleft, no AGPL

The license is 21 lines and says what it means.

</td> </tr> </table>

Quick Start

Set credentials → pick a launch command → connect your client

<div align="center">

💡 New to Workspace MCP? Check out the Interactive Quick Start Guide → with step-by-step setup, screenshots, and troubleshooting tips!

</div> <table> <tr> <td valign="top" width="50%">

Confidential Client Quick Start

# 1. Credentials
export GOOGLE_OAUTH_CLIENT_ID="..."
export GOOGLE_OAUTH_CLIENT_SECRET="..."

# 2. Launch — pick a tier
uvx workspace-mcp --tool-tier core       # essential tools
uvx workspace-mcp --tool-tier extended   # core + management ops
uvx workspace-mcp --tool-tier complete   # everything

# Or cherry-pick services
uv run main.py --tools gmail drive calendar
</td> <td valign="top" width="50%">

Secretless / Public OAuth 2.1 (PKCE) Quick Start

# 1. Credentials
export MCP_ENABLE_OAUTH21=true
export GOOGLE_OAUTH_CLIENT_ID="..."
export WORKSPACE_MCP_PORT=8000
export GOOGLE_OAUTH_REDIRECT_URI="http://localhost:${WORKSPACE_MCP_PORT}/oauth2callback"
export OAUTHLIB_INSECURE_TRANSPORT=1
# Leave GOOGLE_OAUTH_CLIENT_SECRET unset for public PKCE clients
export FASTMCP_SERVER_AUTH_GOOGLE_JWT_SIGNING_KEY="$(openssl rand -hex 32)"

# 2. Launch — OAuth 2.1 requires HTTP transport
uvx workspace-mcp --transport streamable-http --tool-tier core
uvx workspace-mcp --transport streamable-http --tool-tier extended
uvx workspace-mcp --transport streamable-http --tool-tier complete

# Or cherry-pick services
uv run main.py --transport streamable-http --tools gmail drive calendar
</td> </tr> </table>

<sub>Credential setup → · All launch options → · Tier details →</sub>

<details open> <summary><b>Environment Variable Reference</b></summary> <sub>
VariablePurpose
🔐 Authentication
GOOGLE_OAUTH_CLIENT_IDrequiredOAuth client ID from Google Cloud
GOOGLE_OAUTH_CLIENT_SECRETOAuth client secret for confidential clients; optional for public OAuth 2.1 PKCE clients
OAUTHLIB_INSECURE_TRANSPORTrequired*Set to 1 for development — allows http:// redirect
USER_GOOGLE_EMAILDefault email for single-user auth
GOOGLE_CLIENT_SECRET_PATHCustom path to client_secret.json
GOOGLE_MCP_CREDENTIALS_DIRCredential directory — default ~/.google_workspace_mcp/credentials
🖥️ Server
WORKSPACE_MCP_BASE_URIBase server URI (no port) — default http://localhost
WORKSPACE_MCP_PORTListening port — default 8000. Also controls the stdio-mode OAuth callback port. The PORT env var takes precedence if set.
WORKSPACE_MCP_HOSTBind host — default 0.0.0.0 for OAuth 2.1 HTTP, 127.0.0.1 for legacy streamable HTTP.
WORKSPACE_MCP_TRANSPORTstdio or streamable-http; used when --transport is not passed
WORKSPACE_MCP_HTTP_PORTAdvanced legacy-stdio sidecar /mcp port for local workspace-cli access. Disabled when empty. Binds to 127.0.0.1 only and is accessible to local processes.
WORKSPACE_EXTERNAL_URLExternal URL for reverse proxy setups
WORKSPACE_MCP_BRAND_NAMEOAuth 2.1 consent-page server name — default FastMCP's name
WORKSPACE_MCP_BRAND_ICON_URLOAuth 2.1 consent-page logo (hosted URL or data: URI), shown at 64px wide — default FastMCP's logo
WORKSPACE_MCP_BRAND_WEBSITE_URLOAuth 2.1 consent-page website link
WORKSPACE_ATTACHMENT_DIRDownloaded attachments dir and default trusted local attachment directory — default ~/.workspace-mcp/attachments/
WORKSPACE_MCP_URLRemote MCP endpoint URL for CLI
ALLOWED_FILE_DIRSColon-separated allowlist for local file reads
🧰 Tool Selection
WORKSPACE_MCP_TOOLSComma-separated services, e.g. gmail,drive,calendar; empty means all services
WORKSPACE_MCP_TOOL_TIERcore, extended, or complete; empty means

View source on GitHub