Get credentials

1. Register an application

Go to the Twitch Developer Console and click Register Your Application. Set the OAuth Redirect URL to:
https://auth.example.com/auth/oauth/twitch/callback
Pick any category; Website Integration works for most apps.

2. Copy credentials

After saving, click Manage on the app. Copy the Client ID. Click New Secret to generate and copy the Client Secret.

Configuration

lib/kavach.ts
import { createKavach } from 'kavachos';
import { oauth } from 'kavachos/auth';

const kavach = await createKavach({
  database: { provider: 'postgres', url: process.env.DATABASE_URL! },
  secret: process.env.KAVACH_SECRET!,
  baseUrl: 'https://auth.example.com',
  plugins: [
    oauth({
      providers: [
        {
          id: 'twitch', 
          clientId: process.env.TWITCH_CLIENT_ID!, 
          clientSecret: process.env.TWITCH_CLIENT_SECRET!, 
        },
      ],
    }),
  ],
});

TWITCH_CLIENT_ID=abcdef1234567890abcdef1234567890
TWITCH_CLIENT_SECRET=...

Endpoints

| Endpoint | URL |
| --- | --- |
| Authorization | https://id.twitch.tv/oauth2/authorize |
| Token | https://id.twitch.tv/oauth2/token |
| User info | https://api.twitch.tv/helix/users |

Scopes

Default scope: user:read:email

| Scope | What it unlocks |
| --- | --- |
| user:read:email | Read the user’s verified email address |
| user:read:follows | Read the channels the user follows |
| channel:read:subscriptions | Read the user’s channel subscriptions |

User data returned

| Field | Source | Notes |
| --- | --- | --- |
| id | data[0].id | Stable numeric Twitch user ID |
| email | data[0].email | Only present with user:read:email scope |
| name | data[0].display_name | Localized display name (may differ from login) |
| avatar | data[0].profile_image_url | Direct CDN URL; changes when user updates profile |

The Twitch Helix API requires a Client-ID header on every request alongside the Bearer token. KavachOS handles this automatically; you do not need to set it manually.

Twitch email addresses may not be verified. Check the broadcaster_type and account age in the raw response if you need higher assurance.
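
The field mapping and the two notes above, as an added TypeScript example (not KavachOS source; the type names, function names and in-memory account list are hypothetical, and the sample response is constructed). It treats the Twitch email as unverified and keys accounts on the stable id, so an existing account is never signed in to on an email match alone.

```typescript
// Added example, not KavachOS source. All names below are hypothetical.
interface HelixUser {
  id: string;
  login: string;
  display_name: string;
  profile_image_url: string;
  email?: string; // only present with the user:read:email scope
}
interface TwitchProfile {
  id: string;
  email: string | null;
  emailVerified: false; // assumption: treat as unverified, per the note above
  name: string;
  avatar: string;
}
interface Account { userId: string; provider: string; providerUserId: string; email: string | null }
// 'confirm-email' = make the user prove control of the existing account before linking.
type Decision = { action: 'sign-in'; userId: string } | { action: 'create' } | { action: 'confirm-email' };

// Helix expects the app's client ID next to the Bearer token on every request.
function helixHeaders(clientId: string, accessToken: string): Record<string, string> {
  if (!clientId || !accessToken) throw new Error('client ID and access token are required');
  return { 'Client-ID': clientId, Authorization: `Bearer ${accessToken}` };
}

// Map data[0] of the /helix/users body to the fields in the table.
function mapTwitchUser(body: { data?: HelixUser[] }): TwitchProfile {
  const user = body.data?.[0];
  if (!user || !/^\d+$/.test(user.id)) throw new Error('no usable user record in Helix response');
  return {
    id: user.id,
    email: user.email ? user.email : null, // scope not granted -> null, never ''
    emailVerified: false,
    name: user.display_name,
    avatar: user.profile_image_url,
  };
}

// Key accounts on the stable provider ID; an email match alone never signs anyone in.
function resolveAccount(accounts: Account[], profile: TwitchProfile): Decision {
  const linked = accounts.filter((a) => a.provider === 'twitch' && a.providerUserId === profile.id)[0];
  if (linked) return { action: 'sign-in', userId: linked.userId };
  const emailTaken = profile.email !== null && accounts.filter((a) => a.email === profile.email).length > 0;
  return emailTaken ? { action: 'confirm-email' } : { action: 'create' };
}

// Constructed sample data: the email already belongs to an account created through another provider.
const sampleBody = { data: [{ id: '10000001', login: 'examplestreamer', display_name: 'ExampleStreamer',
  profile_image_url: 'https://cdn.example/avatar.png', email: 'alice@example.com' }] };
const sampleAccounts: Account[] = [{ userId: 'u1', provider: 'google', providerUserId: 'g-1', email: 'alice@example.com' }];
const sampleDecision = resolveAccount(sampleAccounts, mapTwitchUser(sampleBody));
```

With the sample data, `sampleDecision.action` is `confirm-email`: the address matches an existing account, but the Twitch login has not proven ownership of it.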

Last modified on April 29, 2026