Add OAuth

Integrating OAuth into Gram Functions is a simple process.

Accessing the token

const gram = new Gram({
  envSchema: {
    GOOGLE_ACCESS_TOKEN: z.string().describe("Google OAuth2 access token"),
  },
  authInput: {
    oauthVariable: "GOOGLE_ACCESS_TOKEN",
  },
})
  .tool({
    name: "search_files",
    description:
      "Search for PDF files in Google Drive. Takes a search query and returns matching files based on their filename.",
  },
  async execute(ctx, input) {
    const token = ctx.env.GOOGLE_ACCESS_TOKEN;
    return fetch(`https://www.googleapis.com/drive/v3/files`, {
      headers: { Authorization: `Bearer ${token}` },
    });
  },
});

The authInput object is used to specify which environment varibale should be populated with the OAuth token. Gram will then handle the OAuth exchange and automatically supply the token to your function.

Note that this will only work if you follow the steps below to enable OAuth for your MCP server.

Adding OAuth to your MCP server

Configuring OAuth for a toolset containing Gram Functions is the same as configuring OAuth for any other toolset. You can follow the steps in our guide to get started.

Caveats

MCP servers can only have one authentication method. This means that toolsets cannot contain tools that require different forms of OAuth (though they can contain any number of tools that DO NOT require OAuth alongside tools of a single OAuth type).