Gmail Credential Stubs

Applies to

MCP Server	Credential directory
`@gongrzhe/server-gmail-autoauth-mcp`	`~/.gmail-mcp/`

Other Google services (Calendar, Drive, Sheets) have their own credential stub pages.

Create the stubs

Create the directory if it doesn’t exist: mkdir -p ~/.gmail-mcp

`~/.gmail-mcp/gcp-oauth.keys.json`

{
  "installed": {
    "client_id": "onecli-managed.apps.googleusercontent.com",
    "client_secret": "onecli-managed",
    "redirect_uris": ["http://localhost:3000/oauth2callback"]
  }
}

`~/.gmail-mcp/credentials.json`

{
  "access_token": "onecli-managed",
  "refresh_token": "onecli-managed",
  "token_type": "Bearer",
  "expiry_date": 0
}

Rules

Never overwrite existing files that don’t contain onecli-managed values. The user may have real credentials.
All sentinel values use the string onecli-managed so they’re easy to detect programmatically.

How it works

expiry_date: 0 tells google-auth-library the token is expired. It immediately sends a refresh request to oauth2.googleapis.com/token with refresh_token: "onecli-managed". The OneCLI gateway intercepts that request and returns a real access token using the app connection you registered.

Getting Started

CLI

Guides

Vaults

Reference

Focus

Gmail Credential Stubs

Applies to

Create the stubs

`~/.gmail-mcp/gcp-oauth.keys.json`

`~/.gmail-mcp/credentials.json`

Rules

How it works

Getting Started

CLI

Guides

Vaults

Reference

Focus

​Applies to

​Create the stubs

​~/.gmail-mcp/gcp-oauth.keys.json

​~/.gmail-mcp/credentials.json

​Rules

​How it works

Applies to

Create the stubs

`~/.gmail-mcp/gcp-oauth.keys.json`

`~/.gmail-mcp/credentials.json`

Rules

How it works