kavachOS
Authentication

Salesforce

Sign in with Salesforce using OAuth 2.0.

Setup

Get credentials

Go to developer.salesforce.com and set up a Connected App in Setup > App Manager. Under OAuth Settings, enable OAuth and add your redirect URI:

https://your-app.com/api/kavach/auth/oauth/callback/salesforce

Configure

lib/kavach.ts
import { createKavach } from 'kavachos';
import { oauth } from 'kavachos/auth';

const kavach = await createKavach({
  database: { provider: 'sqlite', url: 'kavach.db' },
  plugins: [
    oauth({
      providers: [
        {
          id: 'salesforce',
          clientId: process.env.SALESFORCE_CLIENT_ID!,
          clientSecret: process.env.SALESFORCE_CLIENT_SECRET!,
        },
      ],
    }),
  ],
});

Environment variables:

SALESFORCE_CLIENT_ID=...
SALESFORCE_CLIENT_SECRET=...

Scopes

Default scopes: openid, id, email

| Scope | What it unlocks |
| --- | --- |
| openid | OIDC identity token |
| id | Identity URL and user info |
| email | Email address |
| profile | Display name and photo |
| api | Access Salesforce APIs |

Salesforce uses org-specific domains (e.g. mycompany.my.salesforce.com). The default authorization endpoint is login.salesforce.com but this can be customized for sandbox orgs using test.salesforce.com.
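
The authorization host decides where users enter their Salesforce credentials, so a customized host should be checked against Salesforce's own domains before any redirect. The following is an added example, not kavachOS code: the function names are hypothetical, `/services/oauth2/authorize` is Salesforce's standard authorization path (assumed here, kavachOS may build the URL differently), and the scope allowlist is limited to the table above.

```typescript
// Added example: not kavachOS source. All names here are hypothetical.
const FIXED_HOSTS = ['login.salesforce.com', 'test.salesforce.com'];
// One or more DNS labels followed by "my.salesforce.com", anchored at both ends.
const MY_DOMAIN = /^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+my\.salesforce\.com$/;
const DEFAULT_SCOPES = ['openid', 'id', 'email'];                  // defaults listed on this page
const KNOWN_SCOPES = ['openid', 'id', 'email', 'profile', 'api'];  // scope table on this page

// Accepts a bare hostname only (no scheme, port, path or userinfo) and
// returns it normalized, or throws if it is not a Salesforce login host.
function resolveSalesforceHost(input: string = 'login.salesforce.com'): string {
  const host = input.trim().toLowerCase();
  if (FIXED_HOSTS.indexOf(host) !== -1 || MY_DOMAIN.test(host)) return host;
  throw new Error(`Refusing non-Salesforce authorization host: ${JSON.stringify(input)}`);
}

interface AuthorizeParams {
  host?: string;        // omit to use login.salesforce.com
  clientId: string;
  redirectUri: string;
  state: string;        // unguessable per-request value, compared again on callback
  scopes?: string[];    // omit to use the default scopes
}

// Builds the authorization redirect only after host and scopes pass validation.
function buildAuthorizeUrl(p: AuthorizeParams): string {
  const host = resolveSalesforceHost(p.host);
  const scopes = p.scopes ?? DEFAULT_SCOPES;
  for (const s of scopes) {
    // Least privilege: anything outside the documented table is rejected.
    if (KNOWN_SCOPES.indexOf(s) === -1) throw new Error(`Unknown scope: ${s}`);
  }
  const query: [string, string][] = [
    ['response_type', 'code'],
    ['client_id', p.clientId],
    ['redirect_uri', p.redirectUri],
    ['scope', scopes.join(' ')],
    ['state', p.state],
  ];
  const qs = query.map(([k, v]) => `${k}=${encodeURIComponent(v)}`).join('&');
  return `https://${host}/services/oauth2/authorize?${qs}`;
}
```

Requesting `api` should be a deliberate choice, since it grants access to Salesforce APIs rather than sign-in identity alone.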

Endpoints

| Method | Path | Description |
| --- | --- | --- |
| GET | /auth/oauth/authorize/salesforce | Redirect to Salesforce |
| GET | /auth/oauth/callback/salesforce | Handle callback |
