mcp_server-with-google-OAuth
by Legitate
Overview
This server provides tools for managing employee records (list, add, update, delete) and integrates Google OAuth for authentication, making its functionalities accessible via the Model Context Protocol.
Installation
node src/index.jsEnvironment Variables
- API_BASE_URL
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- GOOGLE_REDIRECT_URI
Security Notes
The server logs sensitive Google OAuth tokens (credentials) to `/tmp/debug_mcp.log`. Any local attacker with read access to `/tmp` could compromise user accounts. Sensitive data like `tokens.json` (OAuth tokens) and `employees.json` are stored in plain text in the project root; their security relies heavily on host system file permissions. While input to employee management tools is validated with Zod, the critical flaw of logging tokens makes it unsafe to run as-is without modification.
Similar Servers
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.
mcp-s-oauth
Universal OAuth middleware for MCP (Model Context Protocol) servers, enabling authentication with various OAuth providers.
gcal-mcp
Serves as a Model Context Protocol (MCP) server for Google Calendar to query upcoming, date-specific, and searchable events.