kavachOS
Authentication

Spotify

Sign in with Spotify using OAuth 2.0.

Setup

Get credentials

Go to the Spotify Developer Dashboard and create an app. Under Edit Settings, add your redirect URI:

https://your-app.com/api/kavach/auth/oauth/callback/spotify

Copy the Client ID and Client Secret from the app overview.

Configure

import { createKavach, oauth } from 'kavachos';
import { spotifyProvider } from 'kavachos/auth'; 

const kavach = await createKavach({
  database: { provider: 'sqlite', url: 'kavach.db' },
  plugins: [
    oauth({
      providers: [
        spotifyProvider( 
          process.env.SPOTIFY_CLIENT_ID, 
          process.env.SPOTIFY_CLIENT_SECRET, 
        ), 
      ],
    }),
  ],
});

Environment variables

SPOTIFY_CLIENT_ID=your_client_id
SPOTIFY_CLIENT_SECRET=your_client_secret

Scopes

Default scopes: user-read-email, user-read-private

To access additional Spotify data, pass a scopes array:

spotifyProvider(
  process.env.SPOTIFY_CLIENT_ID,
  process.env.SPOTIFY_CLIENT_SECRET,
  { scopes: ['user-read-email', 'user-read-private', 'user-library-read'] }, 
)

The user-read-email scope is required to retrieve the user's email address. Without it, the identity will fall back to the Spotify user ID.

Endpoints

MethodPathDescription
GET/auth/oauth/authorize/spotifyRedirect to Spotify
GET/auth/oauth/callback/spotifyHandle callback

Facebook

Sign in with Facebook using OAuth 2.0.

Twitch

Sign in with Twitch using OAuth 2.0.

On this page

Setup
Get credentials
Configure
Environment variables
Scopes
Endpoints