How to Secure MCP Servers with Google OAuth

MCP servers are powerful. They let tools like Claude, Cursor, and Windsurf call your custom abilities directly. But by default, anyone with the server URL can connect. If your abilities touch internal databases, deployment pipelines, or sensitive documents, that is a problem.

This tutorial walks you through securing multiple MCP server integrations behind a single Google OAuth connection. By the end, only authenticated members of your Google Workspace organization will be able to access your MCP servers, and each server will expose a separate set of capabilities through its own skillset.

What You'll Learn

• How to create a Google Cloud OAuth app configured as internal so only your organization can use it
• How to set up an OAuth connection in ChatBotKit with Google as the identity provider
• How to create multiple skillsets with specialized abilities
• How to create MCP server integrations, each linked to its own skillset and the shared OAuth connection
• How to test the full flow from Claude or another MCP client

Prerequisites

• A ChatBotKit account with access to the Blueprint Designer
• A Google Workspace account with admin access (or permission to create OAuth apps in Google Cloud Console)
• Basic familiarity with the Blueprint Designer and MCP concepts
• An MCP-compatible client such as Claude Desktop, Cursor, or Windsurf

Step 1: Create a Google Cloud OAuth App (Internal)

Before configuring anything in ChatBotKit, you need OAuth client credentials from Google. The critical setting here is making the app internal, which restricts authentication to users within your Google Workspace organization. External users will not even see the consent screen.

1.1 Open Google Cloud Console

1. Go to console.cloud.google.com
2. Select an existing project or create a new one (e.g., "ChatBotKit MCP Auth")

1.2 Configure the OAuth Consent Screen

1. In the left sidebar, navigate to APIs & Services > OAuth consent screen
2. Under User Type, select Internal

   Important: This is the key setting. Internal means only users with accounts in your Google Workspace organization can authenticate. If you select External, anyone with a Google account could potentially request access. For securing internal MCP servers, always choose Internal.

3. Click Create
4. Fill in the required fields:
   • App name: ChatBotKit MCP Auth (or any name your team will recognize)
   • User support email: Select your email address
   • Developer contact information: Enter your team's email
5. Click Save and Continue
6. On the Scopes screen, click Save and Continue without changes. The default scopes (openid, email, profile) are sufficient and do not need to be added explicitly.
7. Review the summary and click Back to Dashboard

1.3 Create OAuth Client Credentials

1. In the left sidebar, navigate to APIs & Services > Credentials
2. Click Create Credentials > OAuth client ID
3. For Application type, select Web application
4. Set the Name to ChatBotKit MCP (or similar)
5. Under Authorized redirect URIs, add: https://api.chatbotkit.com/oauth/connection/callback
6. Click Create
7. A dialog will display your Client ID and Client Secret - copy both and store them securely. You will need them in the next step.

Tip: If you ever need to retrieve these credentials later, go to APIs & Services > Credentials and click on your OAuth client.

Step 2: Choose Your Path - Blueprint or Manual Setup

You can build this architecture in two ways:

• Option A: Use the OAuth-Secured MCP Factory blueprint to get the full structure in one click, then fill in your credentials
• Option B: Build each resource manually to understand every piece

Both paths produce the same result. If this is your first time, Option A is faster. If you want to understand the mechanics, follow Option B.

Option A: Deploy the Blueprint

1. Navigate to the OAuth-Secured MCP Factory blueprint
2. Click Use Blueprint
3. The Blueprint Designer will load with all resources pre-configured: one OAuth connection, three MCP server integrations, three skillsets, and six abilities
4. Skip to Step 6 to fill in your Google OAuth credentials

Option B: Build Manually

Continue with Step 3 below.

Step 3: Create the OAuth Connection

The OAuth connection is the central authentication layer. All MCP server integrations will reference this single resource.

1. From your ChatBotKit dashboard, open the Blueprint Designer
2. In the right sidebar, expand the Advanced section
3. Drag a Connection resource onto the canvas
4. Click the connection to open its configuration panel
5. Fill in the following fields:
   • Name: Google Workspace Login
   • Description: OAuth 2.0 / OpenID Connect connection using Google for authenticating MCP server users
   • Issuer: https://accounts.google.com
   • Client ID: Paste the Client ID from Step 1.3
   • Client Secret: Paste the Client Secret from Step 1.3
   • Scopes: openid email profile
   • Allowed Domains: Enter your organization's domain (e.g., yourcompany.com)

Why Allowed Domains matters: Even though the Google app is internal, the allowed domains field provides a second layer of enforcement on the ChatBotKit side. If someone managed to obtain credentials for a different Google Workspace org, this field would still block them. Always set it to your company domain.

Step 4: Create Skillsets and Abilities

Each MCP server will expose a different set of tools. To enforce this separation, each server gets its own skillset.

4.1 Create the First Skillset

1. Drag a Skillset resource onto the canvas
2. Name it Productivity Tools
3. Set its description to Calendar management, document retrieval, and meeting note abilities

4.2 Add Abilities to the First Skillset

1. Drag an Ability resource onto the canvas
2. Name it Manage Calendar and describe what it does (e.g., "Create, update, and list calendar events")
3. Connect the ability to the Productivity Tools skillset by dragging a connection line from the ability's skillset handle to the skillset
4. Repeat for a second ability: Retrieve Documents - "Search and retrieve documents from connected storage"

4.3 Create Additional Skillsets

Repeat the process for each domain:

Data Tools skillset with:

• Run Database Query - Execute read-only SQL queries against the analytics database
• Generate Report - Compile query results into formatted reports

DevOps Tools skillset with:

• Trigger Deployment - Start a deployment pipeline for a specified service
• Check Service Health - Query service health endpoints and return current status

After this step, your canvas should have one OAuth connection, three skillsets, and six abilities (two per skillset).

Step 5: Create MCP Server Integrations

Now create the MCP server integrations and wire everything together.

5.1 Create the Productivity Server

1. In the sidebar, expand the Integrations section
2. Drag an MCP Server integration onto the canvas
3. Configure it:
   • Name: Productivity Server
   • Description: MCP server exposing calendar and document management tools, secured with Google OAuth
4. Connect its skillset handle to the Productivity Tools skillset
5. Connect its OAuth connection handle to the Google Workspace Login connection

5.2 Create the Data and DevOps Servers

Repeat for each server:

Data Server:

• Connect to Data Tools skillset
• Connect to Google Workspace Login OAuth connection

DevOps Server:

• Connect to DevOps Tools skillset
• Connect to Google Workspace Login OAuth connection

All three MCP servers now reference the same OAuth connection. A single Google sign-in will authenticate the user across every server.

Step 6: Fill in OAuth Credentials (Blueprint Users)

If you deployed from the blueprint, open each resource and fill in the values:

1. Click on the Google Workspace Login connection
2. Enter the Client ID and Client Secret from Step 1.3
3. Set Allowed Domains to your organization's domain (e.g., yourcompany.com)
4. All other fields (issuer, scopes) are pre-configured

Step 7: Deploy and Get MCP Server URLs

1. Click Deploy in the Blueprint Designer to provision all resources
2. After deployment, click on each MCP server integration to find its MCP Server URL
3. The URL includes an authorization query parameter that authenticates the connection. This parameter acts as an additional security layer on top of the OAuth connection itself.
4. Copy the URL for each server - you will need it to configure your MCP client

Step 8: Connect from Claude or Another MCP Client

Claude Desktop

Claude Desktop has a built-in connections wizard for adding MCP servers:

1. Open Claude Desktop and navigate to Settings > Connections
2. Click Add Connection
3. Paste the MCP server URL from Step 7 (it already includes the authorization parameter)
4. Repeat for each of the three servers (Productivity, Data, DevOps)

Cursor / Windsurf / Other Editors

For editors that use a configuration file, add each MCP server URL to the file. For example, in Cursor's .cursor/mcp.json:

Replace the placeholder values with the actual URLs from Step 7. Each URL is self-contained with the authorization parameter included, so no separate headers or tokens are needed. Refer to your editor's documentation for the exact file location and format.

Step 9: Test the Authentication Flow

1. Open your MCP client and trigger a tool that uses one of your MCP servers
2. The client will redirect you to Google's sign-in page
3. Sign in with your Google Workspace account
4. If your account belongs to the allowed domain, you will be authenticated and the tool call will proceed
5. Try signing in with a personal Gmail account or an account from a different organization - you should see an error because the app is configured as internal

Verification checklist:

• Google sign-in page appears when connecting for the first time
• Organization accounts are accepted
• Non-organization accounts are rejected
• Each MCP server exposes only its own skillset's abilities
• Tools execute successfully after authentication

Troubleshooting

"Access blocked: This app is restricted to users within the organization"

This means the authentication is working as intended. The user trying to connect is not part of your Google Workspace organization. Only users with email addresses under your configured domain can authenticate.

"Error 400: redirect_uri_mismatch"

The redirect URI in your Google Cloud OAuth client does not match the one ChatBotKit sends. Go to APIs & Services > Credentials in Google Cloud Console, click your OAuth client, and verify the authorized redirect URI is exactly:

"Invalid client_id" or "Invalid client_secret"

Double-check that you copied the full Client ID and Client Secret from Google Cloud Console. Trailing spaces or line breaks can cause this error.

MCP client shows no tools

Verify that the MCP server integration is connected to a skillset that has abilities. An MCP server with an empty skillset will not expose any tools.

Tools visible but calls fail

Check that the ability instructions are properly configured. Abilities with empty instruction fields will not execute. Fill in the ability template or custom instruction.

Inspecting event logs

Each skillset has an Event Logs section in the dashboard. Open the skillset and check its event logs to see detailed information about incoming requests, authentication results, and any errors that occurred during tool execution. This is the fastest way to identify what went wrong.

Next Steps

• Add more servers: Create additional MCP server integrations for new domains. Point them at the same OAuth connection to maintain single sign-on.
• Add abilities: Attach new abilities to existing skillsets. They become available through the corresponding MCP server immediately, no redeployment needed.
• Restrict by claims: Use the Required Claims field on the OAuth connection to enforce additional authorization rules (e.g., only users in a specific Google group).
• Try other providers: Swap Google for Okta, Auth0, or Azure AD by changing the issuer URL, client credentials, and redirect URI configuration.
• Explore the MCP Server integration tutorial for VSCode-specific setup
• Read How to Design Your Own AI Agent Architecture to learn more about combining building blocks into custom patterns