Skip to main content

Get credentials

1

Create an app

Go to Reddit App Preferences and scroll to the bottom. Click Create another app…. Select web app as the type and add your redirect URI:
https://auth.example.com/auth/oauth/reddit/callback
2

Copy credentials

After saving, the client ID appears directly under the app name (a short string like abc123XYZ). Click edit to reveal or regenerate the secret.

Configuration

lib/kavach.ts
import { createKavach } from 'kavachos';
import { oauth } from 'kavachos/auth';

const kavach = await createKavach({
  database: { provider: 'postgres', url: process.env.DATABASE_URL! },
  secret: process.env.KAVACH_SECRET!,
  baseUrl: 'https://auth.example.com',
  plugins: [
    oauth({
      providers: [
        {
          id: 'reddit', 
          clientId: process.env.REDDIT_CLIENT_ID!, 
          clientSecret: process.env.REDDIT_CLIENT_SECRET!, 
        },
      ],
    }),
  ],
});

REDDIT_CLIENT_ID=abc123XYZ
REDDIT_CLIENT_SECRET=...

Endpoints

EndpointURL
Authorizationhttps://www.reddit.com/api/v1/authorize
Tokenhttps://www.reddit.com/api/v1/access_token
User infohttps://oauth.reddit.com/api/v1/me

Scopes

Default scope: identity
ScopeWhat it unlocks
identityRead the user’s account info (username, avatar, karma)
readRead posts and comments on the user’s behalf
subscribeRead and manage subreddit subscriptions
historyRead the user’s post and comment history

User data returned

FieldSourceNotes
ididStable Reddit account ID (base-36 string)
email,Not available. Reddit does not expose email via OAuth
namenameReddit username
avataricon_imgQuery parameters stripped; may be a default avatar
Reddit does not expose the user’s email address via OAuth. If your app requires an email, prompt the user to enter one after sign-in and store it separately.
Reddit’s token endpoint uses HTTP Basic authentication rather than posting credentials in the request body. KavachOS handles this automatically.

Handling missing email

Since Reddit provides no email, check for it in your callback handler before creating a user account:
app/api/auth/[...]/route.ts
const { userInfo, isNewAccount } = await oauth.handleCallback(
  'reddit', code, state, redirectUri,
);

if (isNewAccount && !userInfo.email) {
  // Redirect to an email-collection step before finalising sign-up.
  return redirect(`/onboarding/email?accountId=${result.account.id}`);
}
Last modified on April 18, 2026