Skip to content
Blog Docs Login to Cloud

Cloud Service Authentication

Some integrations — like Google Drive and OneDrive — require an OAuth authentication flow that involves redirecting your browser to the service provider, signing in, and being redirected back to a callback URL. This flow requires a publicly accessible URL, which your local Errand installation doesn’t have.

Errand Cloud solves this by acting as a secure OAuth proxy for these authentication flows.

How Cloud Authentication Works

Section titled “How Cloud Authentication Works”

When you connect a cloud service like Google Drive or OneDrive through Errand Cloud:

  1. You click Connect on the integration card in your Errand settings
  2. Your browser is redirected to the service provider’s sign-in page (Google, Microsoft, etc.)
  3. After you grant permission, the provider redirects to an Errand Cloud callback URL
  4. Errand Cloud relays the authentication tokens back to your local installation through the encrypted connection
  5. Your local Errand server stores the tokens and uses them for API access

After the initial authentication, your installation communicates directly with the cloud service APIs using the stored tokens. Errand Cloud is only involved during the OAuth sign-in flow — it does not see or store your files, emails, or other data from these services.

Supported Services

Section titled “Supported Services”

Google Workspace

Section titled “Google Workspace”

Errand Cloud can proxy OAuth flows for Google services, enabling integrations such as:

  • Google Drive — give task-runner agents read/write access to files in your Google Drive

Each Google integration requires its own OAuth consent and permissions. See the individual integration guides for setup instructions.

Microsoft 365

Section titled “Microsoft 365”

Errand Cloud can proxy OAuth flows for Microsoft services, enabling integrations such as:

  • OneDrive — give task-runner agents read/write access to files in your OneDrive

Each Microsoft integration requires its own app registration and consent. See the individual integration guides for setup instructions.

Prerequisites

Section titled “Prerequisites”

To use cloud authentication:

  • Your Errand installation must be connected to Errand Cloud (see Setting Up Errand Cloud)
  • You must have an active Errand Cloud subscription

Security

Section titled “Security”
  • Errand Cloud only handles the OAuth redirect flow — it relays the authorisation code to your local installation
  • Your access tokens and refresh tokens are stored only on your local installation
  • Errand Cloud never has access to your files, emails, or other data from connected services
  • You can revoke access at any time from both the Errand settings and the service provider’s permissions page

Troubleshooting

Section titled “Troubleshooting”

“Provider not configured” error?

  • The OAuth client credentials (client ID, client secret) are not set in your Errand server’s environment. Check the integration guide for the required environment variables.

Redirect fails or shows an error?

  • Ensure the redirect URI configured in your OAuth app matches the Errand Cloud callback URL exactly
  • Check that your Errand Cloud connection is active

Token refresh fails?

  • The user may have revoked access from the service provider’s side — disconnect and reconnect the integration
  • For Microsoft integrations, check that the client secret hasn’t expired