Google Docs
Proxy for the Google Docs v1 REST API — which is the entire API surface:
create_document, get_document, and batch_update. Dual auth by design,
like drive and calendar:
idp_passthroughmode for human users who want an agent to read or edit documents they own. Each request carries the caller's own OAuth grant.google_samode (Workspace service account with domain-wide delegation) for headless workflows that read or write shared documents on a fixed identity's behalf.
Overview
Typical uses:
- An agent reads a doc's structured content and summarizes it
(
get_document). - A drafting workflow creates a doc and inserts/templates text into it
(
create_document, thenbatch_updatewithinsertText/replaceAllText).
Two upstream-shape notes specific to Docs:
- No list endpoint. The Docs API can't enumerate documents; discover
document IDs via the Google Drive connector (filter on
mimeType = 'application/vnd.google-apps.document'), then operate on the ID here. - Everything mutating is
batch_update. All content edits and deletes (insertText,replaceAllText,deleteContentRange, table ops) are request objects onbatch_update; deleting an entire document file is the Drive connector's job.
Default policy
The connector ships policy/docs.rego
(package pbac.connectors.identos.google_docs). It enforces:
1. IdP-routing subject obligation
subject_obligations contains obl if {
input.resource.type == "urn:connector:identos:google-docs"
input.connector.upstream_auth.type == "idp_passthrough"
input.subject.idp_provider != "google"
obl := { "type": "require_authn_at", "idp": "google", ... }
}
Same pattern as google-drive/gmail — a caller from a non-Google session gets a step-up obligation before any passthrough Docs call succeeds.
2. blocked_document_ids deny (read + write)
A "nuclear" deny: the document is off-limits to this connector entirely, reads and writes both blocked. Use it for a sensitive document the service account can reach but that shouldn't be exposed to LLM-driven workflows.
3. read_only_document_ids deny (write only)
Listed documents allow GET but deny batch_update. Reads still work —
useful for agents that should surface but not edit a shared doc.
Supplying operator data
curl -X PUT http://localhost:8080/admin/policy/data/pbac/operator/connectors/identos.google-docs \
-H "X-Admin-API-Key: $PBAC_ADMIN_API_KEY" \
-d '{
"blocked_document_ids": ["1AbcSensitiveDocId"],
"read_only_document_ids": ["1XyzSharedDocId"]
}'
Scope model
| Scope | Used for | |
|---|---|---|
| PBAC scopes (internal) | docs:read, docs:write | Route authorization |
| Upstream OAuth scopes | documents | Google-side grant the user consents to (idp_passthrough mode); the service-account flow uses the same scope on the SA |
See Google Workspace: multi-connector setup for how docs' scopes compose with drive, gmail, and calendar on a single Google IdP.
Manifest reference
- ID:
identos.google-docs - Version:
1.0.0 - Resource type:
urn:connector:identos:google-docs
Supported auth modes
| Type | Details |
|---|---|
idp_passthrough | requires IdP google |
google_sa | setup fields: sa_key_env, domain |
Setup fields
| ID | Label | Default | Secret? | Notes |
|---|---|---|---|---|
base_url | API base URL | https://docs.googleapis.com | no | — |
upstream_auth.type | Authentication | idp_passthrough | no | idp_passthrough forwards each user's own Google OAuth token (recommended). google_sa uses a Workspace service account with domain-wide delegation impersonating a fixed user. |
sa_key_env | Service account key | — | yes | Pick a secret containing the service-account JSON. Required only for the google_sa auth mode. / shown when upstream_auth.type == 'google_sa' |
domain | Workspace domain | — | no | placeholder: example.com / Required only for the google_sa auth mode. / shown when upstream_auth.type == 'google_sa' |
Scopes
| Scope |
|---|
docs:read |
docs:write |
Routes
| Method | Pattern | Scope | Resource template |
|---|---|---|---|
POST | /v1/documents | docs:write | — |
GET | /v1/documents/{document_id} | docs:read | docs://{{document_id}} |
POST | /v1/documents/{document_id}:batchUpdate | docs:write | docs://{{document_id}} |
MCP tools
| Name | Scope | Description |
|---|---|---|
create_document | docs:write | Create a new, empty document. Pass {"title": "..."}. Add content afterward with batch_update. |
get_document | docs:read | Get a document's full structured content (body, styles, lists, etc.). |
batch_update | docs:write | Apply one or more content edits (insertText, replaceAllText, deleteContentRange, table ops, styling, …) via Docs Request objects. This is also how you DELETE content. |
Operator data schema
Keys the operator can supply under data.pbac.operator.connectors["identos.google-docs"].* — consumed by the connector's policy.
| Key | Type | Description |
|---|---|---|
blocked_document_ids | array | Document IDs that are off-limits to this connector — reads and writes both denied. |
read_only_document_ids | array | Document IDs where batch_update is denied regardless of the caller's scope. Reads still work. |