From bd9ba0bc7e86b2eeaa762772527ae9d85ef7a00a Mon Sep 17 00:00:00 2001 From: Josh Radcliff Date: Wed, 13 Aug 2025 13:51:51 -0400 Subject: [PATCH] feat: support access token in configuration Allow users to set the environment variable `ANALYTICS_MCP_ACCESS_TOKEN` to use an access token instead of Application Default Credentials. This is useful for scenarios like [#31](https://github.com/googleanalytics/google-analytics-mcp/issues/31), when Application Default Credentials aren't working. --- analytics_mcp/tools/utils.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/analytics_mcp/tools/utils.py b/analytics_mcp/tools/utils.py index d257020..97c5553 100644 --- a/analytics_mcp/tools/utils.py +++ b/analytics_mcp/tools/utils.py @@ -20,6 +20,8 @@ from google.api_core.gapic_v1.client_info import ClientInfo from importlib import metadata import google.auth +from google.oauth2 import credentials as oauth2_credentials +import os import proto @@ -46,9 +48,19 @@ def _get_package_version_with_fallback(): def _create_credentials() -> google.auth.credentials.Credentials: - """Returns Application Default Credentials with read-only scope.""" - (credentials, _) = google.auth.default(scopes=[_READ_ONLY_ANALYTICS_SCOPE]) - return credentials + """Returns credentials with read-only scope. + + If the ANALYTICS_MCP_ACCESS_TOKEN environment variable is set, it will be + used to create the credentials. Otherwise, Application Default Credentials + will be used. + """ + access_token = os.environ.get("ANALYTICS_MCP_ACCESS_TOKEN") + if access_token: + return oauth2_credentials.Credentials( + token=access_token, scopes=[_READ_ONLY_ANALYTICS_SCOPE] + ) + (creds, _) = google.auth.default(scopes=[_READ_ONLY_ANALYTICS_SCOPE]) + return creds def create_admin_api_client() -> admin_v1beta.AnalyticsAdminServiceAsyncClient: