Jan Halama

Hi, I will look at it today and give you some answers. Jan

From the call stack you provided it looks like that Twitter strategy is not configured properly. Specifically [custom headers](https://github.com/superfaceai/passport-twitter-oauth2/blob/6001cbbf26e590c904964f112366c1c5eb5bad57/src/strategy.ts#L80) are not configured. Custom headers are configured if the `clientType` option...

> ty for your quick answer i will try with the basic example and come back to you with the result and maybe it will help me find the solution....

Hi, thanks for your comment. Just a quick guess. Have you tried passing state as an object?

You might also find this [blog post](https://medium.com/passportjs/application-state-in-oauth-2-0-1d94379164e) by Jared helpful.

Hi @midhunlanware , thank you for your report. Can you share some code snippet that lead to the error? Do you pass `users.read` and `tweet.read` scopes to the `authenticate` method?...

Hi Lazis, Twitter supports `OAuth 2.0 Authorization Code Flow with PKCE` only to authenticate apps on behalf of user. Storing state in session must be enabled alongside PKCE, since the...

> Note that the error is thrown by the underlying OAuth2 strategy, we just rely on its PKCE implementation which requires session. > > I think one of our users...

PKCE is required by Twitter as OAuth2 provider. You can not authenticate with disabled PKCE. > We only provide [authorization code](https://oauth.net/2/grant-types/authorization-code/) with [PKCE](https://oauth.net/2/pkce/) and [refresh token](https://oauth.net/2/grant-types/refresh-token/) as the supported [grant...

@Olliebrown I have not found any problems with the code you provided. I can simulate the same error response by configuring the X application as confidential, and then setting the...