| ### π Google MCP Auth Flow Summary | |
| - **`credentials.json`** β App credentials (downloaded once from Google Cloud Console). | |
| - **`token.json`** β User-specific OAuth token (auto-created on first run). | |
| --- | |
| ### βοΈ When & How It Happens | |
| 1. **At MCP startup:** | |
| The script loads `credentials.json` (OAuth client info). | |
| 2. **If no valid `token.json`:** | |
| - Browser-based OAuth flow starts. | |
| - You log in and grant access. | |
| - A new `token.json` is saved locally. | |
| 3. **On later runs:** | |
| - The MCP reads the existing `token.json`. | |
| - Automatically refreshes it if expired. | |
| - No browser prompt needed. | |
| --- | |
| ### π« Git Hygiene | |
| - β Never commit `token.json` to Git. | |
| - π€ Each developer generates their own token. | |
| - π₯οΈ For servers or CI β use a **service account** instead. | |