Google Drive MCP Server
An MCP (Model Context Protocol) server that enables Claude to interact with your Google Drive. Works with Claude Web via OAuth2 authentication.
Features
- List files - Browse your Drive files and folders
- Search - Full-text search across your Drive
- Read files - Read content from text files, Google Docs, and Sheets
- Create folders - Organize your Drive with new folders
- Create files - Create text files, JSON files, or Google Docs
- Create sheets - Create Google Sheets with optional data
- Move files - Move files and folders to different locations
- Edit docs - Full document editing with formatting, headings, images, links, and lists
Tools
| Tool | Description |
|---|---|
list_drive_files | List files in Drive, optionally filtered by folder, MIME type, or query |
get_file_info | Get detailed metadata about a specific file |
search_drive | Search files by name or content |
read_file | Read the content of a file (supports text files, Google Docs, Sheets as CSV) |
move_file | Move a file or folder to a different location |
rename_file | Rename a file or folder |
create_folder | Create a new folder |
create_file | Create a new file with text content |
create_sheet | Create a new Google Sheet with optional initial data |
append_to_doc | Append text to the end of a Google Doc |
find_replace_in_doc | Find and replace text in a Google Doc |
insert_text | Insert formatted text (bold, italic, colors, font size) at start or end |
set_heading | Convert a paragraph to a heading (H1-H6) |
insert_image | Insert an image from a URL |
insert_link | Insert a hyperlink |
insert_list | Insert a bulleted or numbered list |
Architecture
Claude Web → OAuth2 (PKCE) → Cloud Functions → Google Drive API
↓
In-memory state
JWT tokens
Secret Manager (credentials)
- Cloud Functions Gen 2 - Serverless deployment with automatic scaling
- In-memory state - Auth state stored in memory with automatic cleanup
- JWT tokens - Secure access/refresh tokens for MCP authentication
- Single-user - Restricted to a single authorized email (ALLOWED_EMAIL)
- PKCE required - OAuth 2.1 with S256 code challenge
See SETUP.md for detailed setup instructions.
Quick Start
Prerequisites
- Google Cloud account with billing enabled
gcloudCLI installed and authenticated- Node.js 20+
1. Clone and Install
git clone https://github.com/matty-v/google-drive-mcp.git
cd google-drive-mcp
npm install
2. Create OAuth Credentials
- Go to Google Cloud Console - Credentials
- Click Create Credentials → OAuth client ID
- Application type: Web application
- Name:
Google Drive MCP - Leave redirect URIs empty for now (we'll add after deployment)
- Copy the Client ID and Client Secret
3. Configure OAuth Consent Screen
- Go to OAuth consent screen
- User Type: External
- Fill in required fields
- Add scopes:
drive,spreadsheets,documents,userinfo.email - Add yourself as a test user
4. Store Secrets
export GCP_PROJECT="your-project-id"
# Store OAuth credentials
echo -n "YOUR_CLIENT_ID" | gcloud secrets create oauth-client-id --data-file=- --project=$GCP_PROJECT
echo -n "YOUR_CLIENT_SECRET" | gcloud secrets create oauth-client-secret --data-file=- --project=$GCP_PROJECT
uuidgen | tr -d '\n' | gcloud secrets create jwt-secret --data-file=- --project=$GCP_PROJECT
5. Deploy
export ALLOWED_EMAIL="your-email@gmail.com"
./deploy.sh
The script will output the function URL. Add this as the authorized redirect URI in your OAuth credentials:
https://YOUR-FUNCTION-URL/oauth/callback
6. Connect to Claude Web
- Go to claude.ai
- Settings → Integrations
- Add MCP server with your Cloud Functions URL
- Click Connect and authenticate with Google
GitHub Actions Deployment
This repo includes automatic deployment via GitHub Actions on push to main.
Required secrets:
WIF_PROVIDER- Workload Identity Federation providerALLOWED_EMAIL- Authorized user email
See .github/workflows/deploy.yml for details.
Usage Examples
Once connected, you can ask Claude:
- "List my recent Google Drive files"
- "Search my Drive for documents about quarterly reports"
- "Read the content of my meeting notes document"
- "What's in my budget spreadsheet?"
- "Create a folder called 'Projects' in my Drive"
- "Create a file called 'notes.txt' with my meeting notes"
- "Create a Google Doc called 'Project Plan' with an outline"
- "Move the budget spreadsheet to the Finance folder"
- "Create a spreadsheet called 'Expenses' with columns for Date, Description, and Amount"
- "Append today's meeting notes to my Project Doc"
- "Replace all occurrences of '2024' with '2025' in my annual report"
- "Add a bold heading called 'Introduction' to my blog post"
- "Insert a bulleted list of key takeaways"
- "Add a link to the source article"
Security
- OAuth2 with PKCE - Secure authorization flow with S256 code challenge
- Single-user authentication - Only the configured ALLOWED_EMAIL can authenticate
- JWT tokens - Short-lived access tokens (1 hour), long-lived refresh tokens (30 days)
- In-memory state - No persistent storage of auth state (tokens stored only in memory)
- Secret Manager - OAuth credentials stored securely in Google Secret Manager
- No credential storage - Your Google password never touches the server
Development
# Install dependencies
npm install
# Build TypeScript
npm run build
# Run tests
npm test
# Run locally (requires environment variables)
export BASE_URL="http://localhost:8080"
export GOOGLE_CLIENT_ID="..."
export GOOGLE_CLIENT_SECRET="..."
export ALLOWED_EMAIL="your-email@gmail.com"
npm start
License
MIT