evalbench

Connections

Connect your Google or Microsoft account to export run results to Google Sheets or OneDrive. Tokens live only in an encrypted HttpOnly cookie scoped to this browser — they never touch the database.

Google

Export runs as Google Sheets in your Drive.

Not configured

This deployment doesn't have Google OAuth credentials configured.

Connect Google

What this would do

  • ·Adds an "Export to Google Sheets" option in the run + leaderboard menus.
  • ·Each export creates a new spreadsheet in your Drive root with the run's per-case data.
  • ·Auto-converts CSV to a real Google Sheet on upload — formulas, filters, sharing all work.

Permissions requested

  • openid · email
    Used only to display the connected account in /connections.
  • drive.file
    Minimum-privilege scope. evalbench can only see/edit files it has created — not any existing Drive content.

Not configured on this deployment

To enable, set these env vars in Vercel and redeploy:

  • GOOGLE_OAUTH_CLIENT_ID
  • GOOGLE_OAUTH_CLIENT_SECRET
  • SESSION_SECRET
Quick setup steps
  1. console.cloud.google.com → create a project, enable the Drive API.
  2. OAuth consent screen (External) with scopes openid, email, drive.file.
  3. Credentials → OAuth Client ID (Web), redirect URI /api/auth/google/callback.
  4. Paste client id + secret into Vercel env vars; redeploy.
Read the full setup guide →

Microsoft

Upload run CSVs to OneDrive (opens natively in Excel).

Not configured

This deployment doesn't have Microsoft OAuth credentials configured.

Connect Microsoft

What this would do

  • ·Adds an "Upload CSV to OneDrive" option in the run + leaderboard menus.
  • ·Each export saves a CSV at /Evalbench/<filename>.csv in your OneDrive.
  • ·CSV opens natively in Excel — no .xlsx conversion needed.

Permissions requested

  • User.Read
    Used only to display your account email in /connections.
  • Files.ReadWrite
    Lets evalbench write files to your OneDrive.
  • offline_access
    Issues a refresh token so the connection survives access-token expiry.

Not configured on this deployment

To enable, set these env vars in Vercel and redeploy:

  • MICROSOFT_OAUTH_CLIENT_ID
  • MICROSOFT_OAUTH_CLIENT_SECRET
  • SESSION_SECRET
Quick setup steps
  1. entra.microsoft.com → App registrations → New registration ("any directory + personal accounts").
  2. Redirect URI /api/auth/microsoft/callback.
  3. API permissions: Files.ReadWrite, User.Read, offline_access.
  4. Certificates & secrets → New client secret. Paste into Vercel env vars; redeploy.
Read the full setup guide →
How OAuth credentials work in this deployment

Each provider needs *_OAUTH_CLIENT_ID and *_OAUTH_CLIENT_SECRET env vars in Vercel. Without them, the “Connect” button is replaced with a “Learn how to enable” button explaining what each integration would do.

Tokens are encrypted with SESSION_SECRET via JWE-A256GCM and stored in an HttpOnly + Secure + SameSite=Lax cookie. Disconnecting clears the cookie.

Full setup steps in docs/exports.md.

Connections · evalbench