MCP Integration

inbox.dog implements the MCP Authorization spec. Any MCP client can connect, authenticate via OAuth, and use Gmail tools — no SDK needed.

How it works

MCP clients discover auth endpoints automatically via standard OAuth metadata:

Client connects to https://inbox.dog/mcp
Server returns 401 with WWW-Authenticate header pointing to resource metadata
Client discovers OAuth endpoints via /.well-known/oauth-authorization-server
Client registers dynamically, runs PKCE OAuth flow, user authenticates with Google
Client gets bearer token — Gmail tools just work

Discovery Endpoints

# Protected Resource Metadata (RFC 9728)
GET https://inbox.dog/.well-known/oauth-protected-resource

# Authorization Server Metadata (RFC 8414)
GET https://inbox.dog/.well-known/oauth-authorization-server

# Dynamic Client Registration (RFC 7591)
POST https://inbox.dog/oauth/register

Available Tools

Once authenticated, these Gmail tools are available:

read_emails

List recent emails with optional search query and label filters.

read_email

Read full content of a specific email by message ID.

send_email

Send an email (to, subject, body, optional cc/bcc).

search_emails

Search emails using Gmail search syntax.

get_profile

Get authenticated user's email address, message count, threads.

Quick Test

# List available tools (no auth required)
curl -X POST https://inbox.dog/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

Standards

MCP Authorization Spec
RFC 9728 — OAuth 2.0 Protected Resource Metadata
RFC 8414 — OAuth 2.0 Authorization Server Metadata
RFC 7591 — OAuth 2.0 Dynamic Client Registration
PKCE (S256) required for public clients