> ## Documentation Index
> Fetch the complete documentation index at: https://onecli.sh/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Gmail Credential Stubs

> Set up Gmail credential stubs so MCP servers that need Google OAuth tokens can start without manual auth flows or token files.

## Applies to

| MCP Server                            | Credential directory |
| ------------------------------------- | -------------------- |
| `@gongrzhe/server-gmail-autoauth-mcp` | `~/.gmail-mcp/`      |

Other Google services (Calendar, Drive, Sheets) have their own credential stub pages.

## Create the stubs

Create the directory if it doesn't exist: `mkdir -p ~/.gmail-mcp`

### `~/.gmail-mcp/gcp-oauth.keys.json`

```json theme={null}
{
  "installed": {
    "client_id": "onecli-managed.apps.googleusercontent.com",
    "client_secret": "onecli-managed",
    "redirect_uris": ["http://localhost:3000/oauth2callback"]
  }
}
```

### `~/.gmail-mcp/credentials.json`

```json theme={null}
{
  "access_token": "onecli-managed",
  "refresh_token": "onecli-managed",
  "token_type": "Bearer",
  "expiry_date": 0
}
```

## Rules

* **Never overwrite** existing files that don't contain `onecli-managed` values. The user may have real credentials.
* All sentinel values use the string `onecli-managed` so they're easy to detect programmatically.

## How it works

`expiry_date: 0` tells `google-auth-library` the token is expired. It immediately sends a refresh request to `oauth2.googleapis.com/token` with `refresh_token: "onecli-managed"`. The OneCLI gateway intercepts that request and returns a real access token using the app connection you registered.