google-calendar-streamable-mcp-server
by iceener
Overview
Manages Google Calendar events, checks availability, and schedules meetings via the Model Context Protocol (MCP) using OAuth 2.1.
Installation
bun devEnvironment Variables
- PROVIDER_CLIENT_ID
- PROVIDER_CLIENT_SECRET
- OAUTH_SCOPES
- OAUTH_REDIRECT_URI
- RS_TOKENS_ENC_KEY
Security Notes
The server explicitly states that its HTTP/OAuth layer is for development convenience and not production-grade security. Critical security gaps include: 1) The `isAllowedOrigin` function (for origin validation) is a placeholder returning `true` in production, making it vulnerable to CSRF/SSRF unless manually implemented. 2) The `wrangler.toml` defaults `OAUTH_REDIRECT_ALLOW_ALL` to `true`, a severe OAuth vulnerability if not set to `false` in production. 3) While token encryption is available via `RS_TOKENS_ENC_KEY` or `TOKENS_ENC_KEY`, it's optional, and skipping it results in plaintext storage of OAuth tokens, a major security risk. The server uses Zod for input validation and PKCE for OAuth, which are good practices, but the mentioned issues require immediate attention for any remote deployment.
Similar Servers
google-tag-manager-mcp-server
This server acts as a middleware to connect MCP (Model Context Protocol) clients with the Google Tag Manager API, enabling programmatic management of GTM accounts, containers, and resources.
gCalendar-mcp
This MCP server enables AI assistants to create and manage Google Calendar events.
gCalendar-mcp-python
Facilitate Google Calendar event creation and management via an MCP server, primarily for integration with AI agents like Claude Desktop App.
gcal-mcp
Serves as a Model Context Protocol (MCP) server for Google Calendar to query upcoming, date-specific, and searchable events.