File size: 6,629 Bytes
c5c5634 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 |
# Gmail MCP Server with OAuth Authentication
This is an enhanced version of the Gmail MCP (Model Context Protocol) server that uses **OAuth 2.0 authentication** instead of requiring users to provide email credentials for each query.
## π Key Features
- **OAuth 2.0 Authentication**: Secure authentication flow using Google's OAuth system
- **One-time Setup**: Authenticate once, use anywhere
- **Automatic Token Refresh**: Handles token expiration automatically
- **Encrypted Storage**: Credentials are encrypted and stored securely
- **No More Password Sharing**: No need to provide email/password to Claude
## π Prerequisites
1. **Google Account**: You need a Gmail account
2. **Google Cloud Project**: Free to create
3. **Python 3.8+**: Required for running the server
## π οΈ Setup Instructions
### Step 1: Install Dependencies
```bash
pip install -r requirements_oauth.txt
```
### Step 2: Run the Interactive Setup
The setup script will guide you through the entire process:
```bash
python setup_oauth.py
```
This will walk you through:
1. Creating a Google Cloud project
2. Enabling the Gmail API
3. Setting up OAuth consent screen
4. Creating OAuth credentials
5. Testing the authentication flow
### Step 3: Start the MCP Server
```bash
python email_mcp_server_oauth.py
```
The server will start and show you:
- Authentication status
- MCP endpoint URL
- Web interface URL
## π§ Claude Desktop Configuration
Add this configuration to your Claude Desktop MCP settings:
```json
{
"mcpServers": {
"gmail-oauth": {
"command": "npx",
"args": [
"mcp-remote",
"http://localhost:7860/gradio_api/mcp/sse"
]
}
}
}
```
## π Available Tools
### 1. search_emails
Search your emails using natural language queries - **no credentials needed!**
**Parameters:**
- `query`: Natural language query (e.g., "show me emails from amazon last week")
**Example Usage in Claude:**
> "Can you search my emails for messages from Swiggy in the last week?"
### 2. get_email_details
Get full details of a specific email by message ID.
**Parameters:**
- `message_id`: Message ID from search results
### 3. analyze_email_patterns
Analyze email patterns from a specific sender over time.
**Parameters:**
- `sender_keyword`: Sender to analyze (e.g., "amazon", "google")
- `days_back`: Number of days to analyze (default: "30")
### 4. authenticate_user
Trigger the OAuth authentication flow from Claude Desktop.
**Parameters:** None
### 5. get_authentication_status
Check current authentication status.
**Parameters:** None
## π Security Features
### Encrypted Storage
- All credentials are encrypted using Fernet encryption
- Encryption keys are stored securely with proper permissions
- No plaintext credentials are ever stored
### OAuth Benefits
- No need to share Gmail passwords
- Granular permission control
- Easy revocation from Google Account settings
- Automatic token refresh
### Local Storage
- All data stored locally on your machine
- No cloud storage of credentials
- You maintain full control
## π§ Advanced Usage
### Command Line Tools
Check authentication status:
```bash
python setup_oauth.py --status
```
Re-authenticate:
```bash
python setup_oauth.py --auth
```
Clear stored credentials:
```bash
python setup_oauth.py --clear
```
Show help:
```bash
python setup_oauth.py --help
```
### Web Interface
When the server is running, you can access the web interface at:
```
http://localhost:7860
```
Use this interface to:
- Check authentication status
- Trigger authentication flow
- Test email search functionality
## π Comparison: OAuth vs App Passwords
| Feature | App Password (Old) | OAuth (New) |
|---------|-------------------|-------------|
| **Setup Complexity** | Simple | One-time setup required |
| **Security** | Share app password | No password sharing |
| **User Experience** | Enter credentials each time | Authenticate once |
| **Revocation** | Change app password | Revoke from Google Account |
| **Token Management** | Manual | Automatic refresh |
| **Scope Control** | Full Gmail access | Granular permissions |
## π Troubleshooting
### Authentication Issues
**"OAuth not configured" error:**
```bash
python setup_oauth.py
```
**"Not authenticated" error:**
```bash
python setup_oauth.py --auth
```
**Authentication timeout:**
- Check if port 8080 is available
- Try disabling firewall temporarily
- Ensure browser can access localhost:8080
### Common Issues
**"No module named 'google.auth'" error:**
```bash
pip install -r requirements_oauth.txt
```
**"Permission denied" on credential files:**
```bash
# Check permissions
ls -la ~/.mailquery_oauth/
# Should show restricted permissions (600/700)
```
**Browser doesn't open:**
- Copy the authorization URL manually
- Paste it in your browser
- Complete the flow manually
### Getting Help
1. Check authentication status: `python setup_oauth.py --status`
2. Review server logs for detailed error messages
3. Ensure Google Cloud project is properly configured
4. Verify OAuth consent screen is set up correctly
## π File Structure
```
~/.mailquery_oauth/
βββ client_secret.json # OAuth client configuration
βββ token.pickle # Encrypted access/refresh tokens
βββ key.key # Encryption key (secure permissions)
```
## π Migration from App Password Version
If you're migrating from the app password version:
1. Run the new OAuth setup: `python setup_oauth.py`
2. Update your Claude Desktop configuration to use the new server
3. The old environment variables (EMAIL_ID, APP_PASSWORD) are no longer needed
## π Support
For issues or questions:
1. Check the troubleshooting section above
2. Review the setup script output for specific guidance
3. Ensure all prerequisites are met
4. Verify Google Cloud project configuration
## π― Example Queries for Claude
Once set up, you can ask Claude:
- "Search my emails for messages from Amazon in the last month"
- "Show me emails from my bank from last week"
- "Analyze my LinkedIn email patterns over the last 60 days"
- "Find emails from Swiggy today"
- "Get details of the email with ID xyz123"
Claude will automatically use the OAuth-authenticated tools without asking for credentials!
## π Privacy & Data
- **No data leaves your machine**: All processing happens locally
- **Google only provides**: Access to your Gmail via official APIs
- **We store**: Encrypted authentication tokens only
- **We never store**: Email content, passwords, or personal data
- **You control**: Access can be revoked anytime from Google Account settings |