WeChat

Setup

Get credentials

Go to the WeChat Open Platform and register a website app. Set the authorization callback domain (not a full URL, just the domain):

your-app.com

KavachOS will handle the path /api/kavach/auth/oauth/callback/wechat.

Configure

lib/kavach.ts

import { createKavach } from 'kavachos';
import { oauth } from 'kavachos/auth';

const kavach = await createKavach({
  database: { provider: 'sqlite', url: 'kavach.db' },
  plugins: [
    oauth({
      providers: [
        {
          id: 'wechat',
          clientId: process.env.WECHAT_APP_ID!,
          clientSecret: process.env.WECHAT_APP_SECRET!,
        },
      ],
    }),
  ],
});

WECHAT_APP_ID=...
WECHAT_APP_SECRET=...

Scopes

Default scopes: snsapi_login

Scope	What it unlocks
`snsapi_login`	Web login, returns `openid` and `unionid`
`snsapi_userinfo`	Full profile (name, avatar, gender)

WeChat uses appid and secret rather than the standard client_id / client_secret naming, but KavachOS maps these correctly. The WeChat Open Platform requires ICP filing for mainland China deployments.

Endpoints

Method	Path	Description
GET	`/auth/oauth/authorize/wechat`	Redirect to WeChat
GET	`/auth/oauth/callback/wechat`	Handle callback

Last modified on April 29, 2026

KickAuthenticate users via Kick OAuth 2.0. Register an app in the Kick developer dashboard, set a redirect URI, and configure `user:read` scope in the `oauth()` plugin.

Overview

Methods

OAuth providers

Enterprise

Setup

Get credentials

Configure

Scopes

Endpoints

Overview

Methods

OAuth providers

Enterprise

Documentation Index

​Setup

​Get credentials

​Configure

​Scopes

​Endpoints

Setup

Get credentials

Configure

Scopes

Endpoints