Get credentials
Create an application
For gitlab.com: Go to gitlab.com/-/profile/applications.For a self-hosted instance: Go to your instance URL, then User Settings > Applications.- Name: your app name
- Redirect URI:
https://auth.example.com/auth/oauth/gitlab/callback - Scopes: check
read_userandemail
Copy credentials
After saving, copy the Application ID and Secret.Configuration
- gitlab.com
- Self-hosted
lib/kavach.ts
Scopes
Default scopes:read_user email
| Scope | What it unlocks |
|---|---|
read_user | Read the user’s profile |
email | Read the user’s primary email |
read_api | Read access to the API |
read_repository | Read repository data |
User data returned
| Field | Source | Notes |
|---|---|---|
id | id field | Stable numeric GitLab user ID |
email | email field | Primary email |
name | name field | Display name |
image | avatar_url field | Profile picture URL |
For self-hosted GitLab instances, make sure your KavachOS server can reach the GitLab API. If you are behind a VPN or firewall, the token exchange and user info calls will fail if the instance is not reachable from your server.