# Salesforce

> Authenticate users via Salesforce OAuth 2.0 with a Connected App. Configure redirect URIs in App Manager and wire the `salesforce` provider with `openid` scopes.

## Setup

<Steps>
  <Step>
    ### Get credentials

    Go to [developer.salesforce.com](https://developer.salesforce.com) and set up a Connected App in **Setup > App Manager**. Under **OAuth Settings**, enable OAuth and add your redirect URI:

    ```
    https://your-app.com/api/kavach/auth/oauth/callback/salesforce
    ```
  </Step>

  <Step>
    ### Configure

    ```ts title="lib/kavach.ts"
    import { createKavach } from 'kavachos';
    import { oauth } from 'kavachos/auth';

    const kavach = await createKavach({
      database: { provider: 'sqlite', url: 'kavach.db' },
      plugins: [
        oauth({
          providers: [
            {
              id: 'salesforce',
              // Connected App credentials, read from the environment
              // so the secret never lands in source control.
              clientId: process.env.SALESFORCE_CLIENT_ID!,
              clientSecret: process.env.SALESFORCE_CLIENT_SECRET!,
            },
          ],
        }),
      ],
    });
    ```

    ```bash
    SALESFORCE_CLIENT_ID=...
    SALESFORCE_CLIENT_SECRET=...
    ```
  </Step>
</Steps>

## Scopes

Default scopes: `openid`, `id`, `email`

| Scope     | What it unlocks            |
| --------- | -------------------------- |
| `openid`  | OIDC identity token        |
| `id`      | Identity URL and user info |
| `email`   | Email address              |
| `profile` | Display name and photo     |
| `api`     | Access Salesforce APIs     |

<Info>
  Salesforce uses org-specific domains (e.g. `mycompany.my.salesforce.com`). The default authorization endpoint is `login.salesforce.com`, but it can be changed to `test.salesforce.com` for sandbox orgs.
</Info>

## Endpoints

| Method | Path                               | Description            |
| ------ | ---------------------------------- | ---------------------- |
| GET    | `/auth/oauth/authorize/salesforce` | Redirect to Salesforce |
| GET    | `/auth/oauth/callback/salesforce`  | Handle callback        |
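
A pre-deployment check for the settings this page covers (redirect URI, requested scopes, authorization host), added here as an example and not part of KavachOS. The type, the function name and the finding texts are assumptions, and the accepted hosts are only the ones named on this page.

```ts
// Added example, not KavachOS code: type, function and finding texts are assumptions.
type SalesforceSettings = {
  redirectUri: string; // callback URL registered in the Connected App
  scopes: string[]; // scopes the app requests
  authHost: string; // host used for authorization
  callsSalesforceApis: boolean; // does the app call Salesforce APIs at all?
};

const DEFAULT_SCOPES = ['openid', 'id', 'email'];
const KNOWN_SCOPES = [...DEFAULT_SCOPES, 'profile', 'api']; // scope table on this page
const CALLBACK_SUFFIX = '/auth/oauth/callback/salesforce';

function checkSalesforceSettings(s: SalesforceSettings, production: boolean): string[] {
  const findings: string[] = [];
  // Redirect URI: absolute, https, ends in the documented callback path, no fragment.
  let uri: URL | null = null;
  try { uri = new URL(s.redirectUri); } catch { findings.push('redirectUri is not an absolute URL'); }
  if (uri) {
    const localDev = !production && ['localhost', '127.0.0.1'].includes(uri.hostname);
    if (uri.protocol !== 'https:' && !localDev) findings.push('redirectUri must use https');
    if (!uri.pathname.endsWith(CALLBACK_SUFFIX)) findings.push('redirectUri path is not the salesforce callback');
    if (uri.hash) findings.push('redirectUri must not contain a fragment');
  }
  // Scopes: only ones from the table, openid present, api only when it is used.
  for (const scope of s.scopes) if (!KNOWN_SCOPES.includes(scope)) findings.push(`unknown scope: ${scope}`);
  if (!s.scopes.includes('openid')) findings.push('openid scope missing: no OIDC identity token');
  if (s.scopes.includes('api') && !s.callsSalesforceApis) findings.push('api scope requested but not needed');
  // Host: exact match or an org-domain suffix, so a lookalike host is rejected.
  const host = s.authHost.toLowerCase();
  const isSalesforceHost =
    host === 'login.salesforce.com' || host === 'test.salesforce.com' || host.endsWith('.my.salesforce.com');
  if (!isSalesforceHost) findings.push(`authHost is not a Salesforce login host: ${host}`);
  if (production && host === 'test.salesforce.com') findings.push('sandbox host used in production');
  return findings;
}

// Constructed sample settings: a corrected configuration and a weak variant of it.
const corrected: SalesforceSettings = {
  redirectUri: 'https://your-app.com/api/kavach/auth/oauth/callback/salesforce',
  scopes: DEFAULT_SCOPES,
  authHost: 'login.salesforce.com',
  callsSalesforceApis: false,
};
const weak: SalesforceSettings = {
  ...corrected,
  redirectUri: 'http://your-app.com/api/kavach/auth/oauth/callback/salesforce',
  scopes: [...DEFAULT_SCOPES, 'api'],
  authHost: 'test.salesforce.com',
};
console.log(checkSalesforceSettings(weak, true));
```

An empty result means the settings pass; each string names one setting to fix before deploying.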
