Google Drive MCP Server

# Google Drive API Setup Guide This guide provides detailed instructions for setting up Google Drive API access for the MCP Server. ## Overview The Google Drive MCP Server requires OAuth 2.0 credentials to access Google Drive on behalf of users. This guide walks through creating a Google Cloud project, enabling APIs, and configuring OAuth credentials. ## Step 1: Create Google Cloud Project ### 1.1 Access Google Cloud Console 1. Navigate to [Google Cloud Console](https://console.cloud.google.com/) 2. Sign in with your Google account 3. If this is your first time, accept the terms of service ### 1.2 Create New Project 1. Click the project selector dropdown (top left, next to "Google Cloud") 2. Click "New Project" in the dialog 3. Fill in project details: - **Project name**: `Google Drive MCP Server` (or your preferred name) - **Organization**: Leave as default or select your organization - **Location**: Leave as default 4. Click "Create" 5. Wait for project creation (usually takes 30-60 seconds) 6. Select your new project from the project selector ## Step 2: Enable Required APIs ### 2.1 Enable Google Drive API 1. In the Google Cloud Console, navigate to "APIs & Services" → "Library" 2. Search for "Google Drive API" 3. Click on "Google Drive API" from the results 4. Click "Enable" 5. Wait for the API to be enabled (usually instant) ### 2.2 Enable Google Docs API 1. Still in the API Library, search for "Google Docs API" 2. Click on "Google Docs API" 3. Click "Enable" ### 2.3 Verify Enabled APIs 1. Go to "APIs & Services" → "Enabled APIs & services" 2. Confirm you see: - Google Drive API - Google Docs API ## Step 3: Configure OAuth Consent Screen ### 3.1 Access OAuth Consent Screen 1. Go to "APIs & Services" → "OAuth consent screen" 2. Choose user type: - **Internal**: If you have a Google Workspace account and want to restrict to your organization - **External**: For personal Google accounts or public access (recommended for most users) 3. Click "Create" ### 3.2 Fill OAuth App Information **App Information:** - **App name**: `Google Drive MCP Server` - **User support email**: Your email address - **App logo**: Optional, you can skip this - **App domain**: Leave blank for now - **Authorized domains**: Leave blank for development **Developer Contact Information:** - **Email addresses**: Add your email address Click "Save and Continue" ### 3.3 Configure Scopes 1. Click "Add or Remove Scopes" 2. Add these scopes: - `https://www.googleapis.com/auth/drive.readonly` - `https://www.googleapis.com/auth/documents.readonly` 3. Click "Update" 4. Click "Save and Continue" ### 3.4 Add Test Users (External Apps Only) If you chose "External" user type: 1. Click "Add Users" 2. Add email addresses of users who should be able to use the app during testing 3. Include your own email address 4. Click "Save and Continue" ### 3.5 Review and Submit 1. Review your OAuth consent screen configuration 2. Click "Back to Dashboard" ## Step 4: Create OAuth 2.0 Credentials ### 4.1 Create Credentials 1. Go to "APIs & Services" → "Credentials" 2. Click "Create Credentials" → "OAuth client ID" 3. If prompted to configure OAuth consent screen, you should have already done this in Step 3 ### 4.2 Configure OAuth Client 1. **Application type**: Select "Desktop application" 2. **Name**: `Google Drive MCP Server Client` 3. Click "Create" ### 4.3 Download Credentials 1. A dialog will appear with your client ID and secret 2. Click "Download JSON" 3. Save the file as `credentials.json` in your project root directory 4. **Important**: Keep this file secure and never commit it to version control ### 4.4 Note Your Credentials The downloaded JSON file contains: ```json { "installed": { "client_id": "your-client-id.googleusercontent.com", "project_id": "your-project-id", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_secret": "your-client-secret", "redirect_uris": ["http://localhost"] } } ``` ## Step 5: Configure Redirect URIs (Optional) If you need custom redirect URIs: 1. Go back to "APIs & Services" → "Credentials" 2. Click on your OAuth client ID 3. In "Authorized redirect URIs", add: - `http://localhost:8080/callback` - `urn:ietf:wg:oauth:2.0:oob` 4. Click "Save" ## Step 6: Set Up Quotas and Limits ### 6.1 Check Current Quotas 1. Go to "APIs & Services" → "Quotas" 2. Filter by "Google Drive API" 3. Review your current limits: - **Queries per day**: 1,000,000,000 (default) - **Queries per 100 seconds per user**: 1,000 (default) ### 6.2 Request Quota Increases (If Needed) For production use with high volume: 1. Click on a quota limit 2. Click "Edit Quotas" 3. Fill out the quota increase request form 4. Provide justification for the increase 5. Submit the request ## Step 7: Security Best Practices ### 7.1 Credential Security - **Never commit credentials to version control** - Store `credentials.json` securely - Use environment variables in production - Rotate credentials regularly ### 7.2 Scope Minimization The server uses minimal scopes: - `drive.readonly`: Read-only access to Drive files - `documents.readonly`: Read-only access to Google Docs ### 7.3 Monitor Usage 1. Go to "APIs & Services" → "Dashboard" 2. Monitor API usage and quotas 3. Set up alerts for unusual activity 4. Review access logs regularly ## Troubleshooting ### Common Issues **"Access blocked" error:** - Ensure OAuth consent screen is properly configured - Add your email to test users (for external apps) - Check that required APIs are enabled **"Invalid client" error:** - Verify client ID and secret are correct - Check that redirect URIs match your configuration - Ensure the OAuth client is for "Desktop application" **Quota exceeded:** - Check current usage in API Dashboard - Request quota increases if needed - Implement proper caching to reduce API calls **"Insufficient permissions" error:** - Verify the required scopes are added to OAuth consent screen - Re-authenticate to get updated permissions - Check that APIs are enabled in your project ### Getting Help 1. **Google Cloud Support**: Available for paid accounts 2. **Stack Overflow**: Tag questions with `google-drive-api` and `oauth2` 3. **Google Drive API Documentation**: [developers.google.com/drive](https://developers.google.com/drive) ## Next Steps After completing this setup: 1. **Configure the MCP Server**: Use your credentials in `config.json` 2. **Run Authentication**: Use the CLI wizard to authenticate 3. **Test the Connection**: Verify everything works with test commands 4. **Review Security**: Ensure credentials are properly secured For detailed server configuration, see the [Setup Guide](./SETUP.md).