Get credentials
Create a Slack app
Go to api.slack.com/apps and click Create New App > From scratch. Name your app and select a development workspace.Configure OAuth and permissions
Navigate to OAuth and Permissions. Under Redirect URLs, add:openid, email, and profile.Copy credentials
Go to Basic Information and copy the Client ID and Client Secret under App Credentials.KavachOS uses Slack’s OpenID Connect flow (
/openid/connect/authorize), not the older identity.basic scope approach. Make sure you add User Token Scopes, not Bot Token Scopes.Configuration
lib/kavach.ts
Scopes
Default scopes:openid email profile
These are standard OIDC scopes that Slack supports. No additional User Token Scopes are needed for basic sign-in.
User data returned
| Field | Source | Notes |
|---|---|---|
id | sub claim | Stable Slack user ID per workspace |
email | email claim | Workspace email |
name | name claim | Display name |
image | picture claim | Profile photo URL |