kavachOS
Authentication

Linear

Sign in with Linear using OAuth 2.0.

Setup

Get credentials

Go to linear.app/settings/api and click Create new OAuth application. Add your redirect URI:

https://your-app.com/api/kavach/auth/oauth/callback/linear

Configure

lib/kavach.ts
import { createKavach } from 'kavachos';
import { oauth } from 'kavachos/auth';

const kavach = await createKavach({
  database: { provider: 'sqlite', url: 'kavach.db' },
  plugins: [
    oauth({
      providers: [
        {
          id: 'linear',
          clientId: process.env.LINEAR_CLIENT_ID!,
          clientSecret: process.env.LINEAR_CLIENT_SECRET!,
        },
      ],
    }),
  ],
});
LINEAR_CLIENT_ID=...
LINEAR_CLIENT_SECRET=...

Scopes

Default scopes: read

ScopeWhat it unlocks
readRead access to the user's data
writeWrite access to issues, comments, etc.
issues:createCreate issues
app:assignIssuesAssign issues to the app

Linear uses UUIDs as user identifiers. The user's email is always returned and is verified.

Endpoints

MethodPathDescription
GET/auth/oauth/authorize/linearRedirect to Linear
GET/auth/oauth/callback/linearHandle callback

Vercel

Sign in with Vercel using OAuth 2.0.

Railway

Sign in with Railway using OAuth 2.0.

On this page

Setup
Get credentials
Configure
Scopes
Endpoints