Setup
Get credentials
Go to the WeChat Open Platform and register a website app. Set the authorization callback domain (not a full URL, just the domain):KavachOS will handle the path /api/kavach/auth/oauth/callback/wechat.import { createKavach } from 'kavachos';
import { oauth } from 'kavachos/auth';
const kavach = await createKavach({
database: { provider: 'sqlite', url: 'kavach.db' },
plugins: [
oauth({
providers: [
{
id: 'wechat',
clientId: process.env.WECHAT_APP_ID!,
clientSecret: process.env.WECHAT_APP_SECRET!,
},
],
}),
],
});
WECHAT_APP_ID=...
WECHAT_APP_SECRET=...
Scopes
Default scopes: snsapi_login
| Scope | What it unlocks |
|---|
snsapi_login | Web login, returns openid and unionid |
snsapi_userinfo | Full profile (name, avatar, gender) |
WeChat uses appid and secret rather than the standard client_id / client_secret naming, but KavachOS maps these correctly. The WeChat Open Platform requires ICP filing for mainland China deployments.
Endpoints
| Method | Path | Description |
|---|
| GET | /auth/oauth/authorize/wechat | Redirect to WeChat |
| GET | /auth/oauth/callback/wechat | Handle callback |
