google-calendar-streamable-mcp-server
by iceener
Overview
Manage Google Calendar events (search, create, update, delete, respond, check availability) via a Model Context Protocol (MCP) server.
Installation
bun devEnvironment Variables
- PROVIDER_CLIENT_ID
- PROVIDER_CLIENT_SECRET
- OAUTH_SCOPES
- OAUTH_REDIRECT_URI
- OAUTH_REDIRECT_ALLOWLIST
- RS_TOKENS_ENC_KEY
Security Notes
The server implements robust security mechanisms for OAuth 2.1 (PKCE, token encryption at rest if configured) and extensive input validation (Zod). However, a critical vulnerability exists in `src/shared/mcp/security.ts` where the `isAllowedOrigin` function, used for origin validation in production, defaults to always returning `true`. This means any origin can connect to the server, making it highly insecure for remote production deployment without modification. The server explicitly warns in the README and code that `RS_TOKENS_ENC_KEY` (Node.js) or `TOKENS_ENC_KEY` (Cloudflare Workers) is highly recommended for encrypting tokens at rest, otherwise, they are stored unencrypted.
Similar Servers
google-tag-manager-mcp-server
This server acts as a middleware proxy for Model Context Protocol (MCP) clients to interact with the Google Tag Manager API, enabling AI agents to manage GTM accounts, containers, workspaces, and various resources like tags, triggers, and variables securely via Google OAuth.
gCalendar-mcp
Enables AI assistants to create and manage Google Calendar events.
stateful-auth-for-mcp-servers
Integrates Google Gmail and Calendar APIs to enable an AI agent to read emails and manage calendar events with stateful authorization for event deletions.
gCalendar-mcp-python
Integrates Google Calendar event creation and management capabilities with the Claude desktop app via the Model Context Protocol (MCP).