Gemini Google Web Search MCP

oauth.ts•5.15 KiB

import { OAuth2Client, Credentials } from 'google-auth-library'; import * as http from 'http'; import * as url from 'url'; import * as crypto from 'crypto'; import * as net from 'net'; import open from 'open'; import * as path from 'path'; import { promises as fs } from 'fs'; import * as os from 'os'; // OAuth Client ID for Gemini CLI const OAUTH_CLIENT_ID = process.env.OAUTH_CLIENT_ID || ''; const OAUTH_CLIENT_SECRET = process.env.OAUTH_CLIENT_SECRET || ''; // OAuth Scopes for Google AI Platform const OAUTH_SCOPE = [ 'https://www.googleapis.com/auth/generative-language.retriever', 'https://www.googleapis.com/auth/cloud-platform', ]; const HTTP_REDIRECT = 301; const SIGN_IN_SUCCESS_URL = 'https://developers.google.com/gemini-code-assist/auth_success_gemini'; const SIGN_IN_FAILURE_URL = 'https://developers.google.com/gemini-code-assist/auth_failure_gemini'; const GEMINI_DIR = '.gemini'; const CREDENTIAL_FILENAME = 'mcp_oauth_creds.json'; export interface OauthWebLogin { authUrl: string; loginCompletePromise: Promise<void>; } export async function getOauthClient(): Promise<OAuth2Client> { const client = new OAuth2Client({ clientId: OAUTH_CLIENT_ID, clientSecret: OAUTH_CLIENT_SECRET, }); if (await loadCachedCredentials(client)) { return client; } const webLogin = await authWithWeb(client); console.error( `\n\nGoogle login required for Gemini Web Search.\n` + `Attempting to open authentication page in your browser.\n` + `Otherwise navigate to:\n\n${webLogin.authUrl}\n\n`, ); await open(webLogin.authUrl); console.error('Waiting for authentication...'); await webLogin.loginCompletePromise; console.error('Authentication successful!'); return client; } async function authWithWeb(client: OAuth2Client): Promise<OauthWebLogin> { const port = await getAvailablePort(); const redirectUri = `http://localhost:${port}/oauth2callback`; const state = crypto.randomBytes(32).toString('hex'); const authUrl: string = client.generateAuthUrl({ redirect_uri: redirectUri, access_type: 'offline', scope: OAUTH_SCOPE, state, }); const loginCompletePromise = new Promise<void>((resolve, reject) => { const server = http.createServer(async (req, res) => { try { if (req.url!.indexOf('/oauth2callback') === -1) { res.writeHead(HTTP_REDIRECT, { Location: SIGN_IN_FAILURE_URL }); res.end(); reject(new Error('Unexpected request: ' + req.url)); return; } const qs = new url.URL(req.url!, `http://localhost:${port}`).searchParams; if (qs.get('error')) { res.writeHead(HTTP_REDIRECT, { Location: SIGN_IN_FAILURE_URL }); res.end(); reject(new Error(`Error during authentication: ${qs.get('error')}`)); } else if (qs.get('state') !== state) { res.end('State mismatch. Possible CSRF attack'); reject(new Error('State mismatch. Possible CSRF attack')); } else if (qs.get('code')) { const { tokens } = await client.getToken({ code: qs.get('code')!, redirect_uri: redirectUri, }); client.setCredentials(tokens); await cacheCredentials(client.credentials); res.writeHead(HTTP_REDIRECT, { Location: SIGN_IN_SUCCESS_URL }); res.end(); resolve(); } else { reject(new Error('No code found in request')); } } catch (e) { reject(e); } finally { server.close(); } }); server.listen(port); }); return { authUrl, loginCompletePromise, }; } export function getAvailablePort(): Promise<number> { return new Promise((resolve, reject) => { let port = 0; try { const server = net.createServer(); server.listen(0, () => { const address = server.address()! as net.AddressInfo; port = address.port; }); server.on('listening', () => { server.close(); server.unref(); }); server.on('error', (e) => reject(e)); server.on('close', () => resolve(port)); } catch (e) { reject(e); } }); } async function loadCachedCredentials(client: OAuth2Client): Promise<boolean> { try { const keyFile = process.env.GOOGLE_APPLICATION_CREDENTIALS || getCachedCredentialPath(); const creds = await fs.readFile(keyFile, 'utf-8'); client.setCredentials(JSON.parse(creds)); // Verify credentials const { token } = await client.getAccessToken(); if (!token) { return false; } // Check if token is valid await client.getTokenInfo(token); return true; } catch (_) { return false; } } async function cacheCredentials(credentials: Credentials) { const filePath = getCachedCredentialPath(); await fs.mkdir(path.dirname(filePath), { recursive: true }); const credString = JSON.stringify(credentials, null, 2); await fs.writeFile(filePath, credString); } function getCachedCredentialPath(): string { return path.join(os.homedir(), GEMINI_DIR, CREDENTIAL_FILENAME); } export async function clearCachedCredentialFile() { try { await fs.rm(getCachedCredentialPath()); } catch (_) { // Ignore errors } }

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/louxsye/google-web-search-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

oauth.ts•5.15 KiB