
Support for Twitter OAuth

Open n9te9 opened this issue 4 years ago • 5 comments

Hi! Does authn-server provide Twitter OAuth? If it doesn't, do you have a plan to be compatible with Twitter OAuth?

n9te9 avatar Nov 26 '20 02:11 n9te9

Hello! Twitter has not been implemented yet. If you or anyone else reading this thread is interested in contributing a pull request, the requirements are roughly:

  1. add a new ENV var parser (e.g. TWITTER_OAUTH_CREDENTIALS)
  2. implement a function that uses the final token to retrieve the user's ID & email
  3. add to documentation

Here's a recent example for Microsoft OAuth: https://github.com/keratin/authn-server/commit/f6ea426503709e4456b09f7a4bee37b7a616798d

cainlevy avatar Nov 27 '20 02:11 cainlevy

OK! I roughly grasp the requirements. I'll implement the features and send a PR.

n9te9 avatar Nov 27 '20 04:11 n9te9

Hi! I'm implementing Twitter OAuth now (I added the Twitter authorization ENV). Twitter OAuth seems more complex than other services' OAuth. Twitter's OAuth uses a 3-legged authorization flow. (Please look at the details -> https://developer.twitter.com/ja/docs/basics/authentication/overview/3-legged-oauth) Meanwhile, Twitter provides OAuth 2.0. But I couldn't get an access token through OAuth 2.0. Twitter's OAuth 2.0 seems to be able to access public data only.

So, we have no choice but to use OAuth 1.0 when we get an authorization token from Twitter. Can I implement the Twitter OAuth feature by using another OAuth 1.0 library (e.g. https://github.com/gomodule/oauth1)?

n9te9 avatar Dec 29 '20 03:12 n9te9

Sorry, I'm not clear on the issue. AuthN implements most of the 3-legged OAuth2.0 flow. It only requires a custom function to find basic user information at the end, after the request token has been exchanged for the access token.

One complication I've found is that Twitter apps must be configured with permission to ask for email addresses:

The "Request email addresses from users" checkbox is available under the app permissions on developer.twitter.com. Privacy Policy URL and Terms of Service URL fields must be completed in the app settings in order for email address access to function. If enabled, users will be informed via the oauth/authorize dialog that your app can access their email address.

https://developer.twitter.com/en/docs/twitter-api/v1/accounts-and-users/manage-account-settings/api-reference/get-account-verify_credentials

cainlevy avatar Dec 31 '20 21:12 cainlevy
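
Added example, not part of the thread and not authn-server's own code: a Go sketch of requirements 1 and 2 that also covers the email-permission complication above by rejecting a response with no email. The function names and the ID:SECRET format of TWITTER_OAUTH_CREDENTIALS are assumptions; the sample response is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Credentials holds an OAuth client ID and secret.
type Credentials struct{ ID, Secret string }

// ParseCredentials splits an "ID:SECRET" value (assumed format) at the first colon.
func ParseCredentials(v string) (Credentials, error) {
	parts := strings.SplitN(v, ":", 2)
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return Credentials{}, errors.New("credentials must be ID:SECRET")
	}
	return Credentials{ID: parts[0], Secret: parts[1]}, nil
}

// UserInfo is the identity extracted from the provider response.
type UserInfo struct{ ID, Email string }

// ErrNoEmail signals that the app was not granted email access.
var ErrNoEmail = errors.New("no email in response; check the app's email permission")

// ParseVerifyCredentials reads the JSON body of account/verify_credentials
// requested with include_email=true. id_str is used instead of the numeric id.
func ParseVerifyCredentials(body []byte) (UserInfo, error) {
	var raw struct {
		IDStr string `json:"id_str"`
		Email string `json:"email"` // JSON null decodes to ""
	}
	if err := json.Unmarshal(body, &raw); err != nil {
		return UserInfo{}, fmt.Errorf("decode verify_credentials: %w", err)
	}
	if raw.IDStr == "" {
		return UserInfo{}, errors.New("no id_str in response")
	}
	if raw.Email == "" {
		return UserInfo{}, ErrNoEmail
	}
	return UserInfo{ID: raw.IDStr, Email: raw.Email}, nil
}

func main() {
	// Constructed sample response, not captured from Twitter.
	sample := []byte(`{"id_str":"1234567890","email":"user@example.com"}`)
	fmt.Println(ParseVerifyCredentials(sample))
}
```

Failing closed on a missing email keeps an account from being created or matched on an empty identifier when the app's email permission is not enabled.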