kavachOS
Authentication

Hugging Face

Sign in with Hugging Face using OAuth 2.0.

Setup

Get credentials

Go to huggingface.co/settings/applications and click New OAuth application. Set the redirect URI to:

https://your-app.com/api/kavach/auth/oauth/callback/huggingface

Configure

lib/kavach.ts
import { createKavach } from 'kavachos';
import { oauth } from 'kavachos/auth';

const kavach = await createKavach({
  database: { provider: 'sqlite', url: 'kavach.db' },
  plugins: [
    oauth({
      providers: [
        {
          id: 'huggingface',
          clientId: process.env.HUGGINGFACE_CLIENT_ID!,
          clientSecret: process.env.HUGGINGFACE_CLIENT_SECRET!,
        },
      ],
    }),
  ],
});
HUGGINGFACE_CLIENT_ID=...
HUGGINGFACE_CLIENT_SECRET=...

Scopes

Default scopes: openid, profile, email

ScopeWhat it unlocks
openidOIDC identity token
profileUsername and full name
emailEmail address
read-reposRead access to user repositories
read-billingRead billing information

Hugging Face supports the OIDC discovery endpoint at https://huggingface.co. User IDs are stable numeric values.

Endpoints

MethodPathDescription
GET/auth/oauth/authorize/huggingfaceRedirect to Hugging Face
GET/auth/oauth/callback/huggingfaceHandle callback

Naver

Sign in with Naver using OAuth 2.0.

Roblox

Sign in with Roblox using OAuth 2.0.

On this page

Setup
Get credentials
Configure
Scopes
Endpoints