Fix oauth twitter example
PR Checklist
- purpose: Fix Twitter OAuth example.
- solution: Implemented a new method for using the Twitter API with correct OAuth flow.
Summary by CodeRabbit
New Features
- Added Twitter OAuth2 authentication support with PKCE security
- Users can now authenticate using their Twitter credentials
- Twitter login option integrated alongside existing authentication providers
- Updated authentication UI to display Twitter login option
Documentation
- Added comprehensive Twitter OAuth setup and configuration guide
Walkthrough
This PR adds Twitter OAuth2 support with PKCE implementation across two example packages. Changes include updating OAuth2 endpoint configuration, implementing code_verifier/code_challenge flows, managing token exchanges, fetching user data from Twitter endpoints, adding configuration fields, and updating UI to display Twitter authentication options.
Changes
| Cohort / File(s) | Summary |
|---|---|
| Example1 OAuth Configuration: W2/internal/example1/conf/environment.go | Refactored Twitter OAuth2 endpoints: separated AuthURL from TokenURL, set AuthStyle to AuthStyleInHeader for explicit header-based authentication |
| Example1 OAuth Implementation: W2/internal/example1/domain/user_oauth.go | Added PKCE support (code_verifier/code_challenge via SHA-256), OAuth2 token exchange with redirect_uri, and Twitter API user info retrieval from https://api.x.com/2/users/me with email extraction |
| Example1 Documentation: W2/internal/example1/domain/OAUTH.md | Expanded Twitter OAuth setup with new steps: user email scope, OAuth V2 Web App flow, callback URL, organization name, policies, and environment variables including TWITTER_SCOPES |
| Example2 OAuth Configuration: W2/internal/example2/conf/oauth.go | Added TwitterScope field and Twitter oauth2.Config map to OauthConf; extended EnvOauth to populate Twitter configuration from environment with per-URL oauth2.Config instances |
| Example2 OAuth Domain Constants: W2/internal/example2/domain/oauth.go | Added new public constant OauthTwitter with value twitter |
| Example2 External Auth Flow: W2/internal/example2/domain/GuestExternalAuth.go | Implemented PKCE support for Twitter: code_verifier generation, SHA-256-based code_challenge, AuthCodeURL construction with PKCE parameters and scopes |
| Example2 OAuth Callback: W2/internal/example2/domain/GuestOauthCallback.go | Added Twitter case to provider switch: OAuth2 token exchange with code_verifier and redirect_uri, client creation, Twitter user data fetch, email extraction from confirmed_email field |
| Example2 Presentation & UI: W2/internal/example2/presentation/web_static.go, W2/internal/example2/svelte/index.svelte | Integrated Twitter provider into root route handler; added Twitter GuestExternalAuth initialization, session decoration, and UI button block mirroring Google OAuth flow |
Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User as User
    participant Web as Web Handler
    participant OAuth as OAuth Provider
    participant Twitter as Twitter API
    participant Callback as Callback Handler
    User->>Web: Click Twitter Auth Button
    Web->>Web: Generate code_verifier
    Web->>Web: Compute code_challenge (SHA-256)
    Web->>OAuth: Build AuthCodeURL with PKCE params
    OAuth->>User: Redirect to Twitter authorize
    User->>Twitter: Authorize app
    Twitter->>Callback: Redirect with auth code
    Callback->>OAuth: Exchange code with code_verifier
    OAuth->>Twitter: Request token
    Twitter->>OAuth: Return access token
    Callback->>Twitter: Fetch user data (/users/me)
    Twitter->>Callback: Return user info + confirmed_email
    Callback->>Callback: Extract email
    Callback->>User: Create session / Redirect
```
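The PKCE steps in the walkthrough and the diagram above (generate code_verifier, derive the SHA-256 code_challenge, base64url-encode it, put it on the authorize URL, and later prove the verifier at token exchange) written out in standard-library Go as an added example. This is not code from this PR or from the W2 example packages, and it does not use golang.org/x/oauth2; the endpoint URL, client ID, redirect URI, state value and scope names are placeholders/assumptions, and the reference vector in the comments comes from RFC 7636 Appendix B.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// Placeholder values (assumptions for this example, not taken from the PR):
// substitute the real authorize endpoint, client ID and callback URL from
// your own app settings.
const (
	authorizeEndpoint = "https://auth.example.invalid/oauth2/authorize"
	clientID          = "YOUR_CLIENT_ID"
	redirectURI       = "https://app.example.invalid/oauth/callback"
)

// GenerateCodeVerifier returns a fresh code_verifier: 32 bytes from a CSPRNG,
// base64url-encoded without padding. That yields 43 characters drawn only
// from the RFC 7636 unreserved set, inside the allowed 43..128 length range.
// The value must be stored server-side (e.g. in the session) so the callback
// handler can present it at token exchange.
func GenerateCodeVerifier() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// CodeChallengeS256 derives the code_challenge sent in the authorize request:
// BASE64URL(SHA256(ASCII(code_verifier))) with no '=' padding.
// RFC 7636 Appendix B: verifier "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
// must produce "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM".
func CodeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// BuildAuthorizeURL assembles the redirect to the provider with the PKCE
// parameters, the CSRF-binding state value and space-separated scopes.
func BuildAuthorizeURL(state, challenge string, scopes []string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI) // must match the redirect_uri sent at token exchange
	q.Set("scope", strings.Join(scopes, " "))
	q.Set("state", state)
	q.Set("code_challenge", challenge)
	q.Set("code_challenge_method", "S256")
	return authorizeEndpoint + "?" + q.Encode()
}

// VerifyCodeVerifier is the check the token endpoint performs when the
// callback handler submits code_verifier alongside the authorization code:
// recompute the S256 challenge and compare it in constant time with the one
// recorded at the authorize step.
func VerifyCodeVerifier(verifier, challenge string) bool {
	got := CodeChallengeS256(verifier)
	return subtle.ConstantTimeCompare([]byte(got), []byte(challenge)) == 1
}

func main() {
	verifier, err := GenerateCodeVerifier()
	if err != nil {
		panic(err)
	}
	challenge := CodeChallengeS256(verifier)
	// Constructed scope list; use the values from your TWITTER_SCOPES setting.
	scopes := []string{"SCOPE_A", "SCOPE_B"}
	fmt.Println("authorize URL:", BuildAuthorizeURL("constructed-state", challenge, scopes))
	fmt.Println("token endpoint accepts verifier:", VerifyCodeVerifier(verifier, challenge))
}
```

Two points the review checklist for this PR touches on are visible here: the challenge uses base64.RawURLEncoding (URL-safe alphabet, no padding), not standard base64, and the same redirect_uri string must be sent on both the authorize request and the token exchange or the provider rejects the code.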
Estimated code review effort
🎯 3 (Moderate) | ⏱️ ~25 minutes
- PKCE Implementation: Verify SHA-256 code_challenge computation and base64 URL encoding across both examples (user_oauth.go, GuestExternalAuth.go)
- Token Exchange: Confirm code_verifier is correctly passed and redirect_uri matches authorization flow
- Twitter API Endpoint: Validate user info endpoint (https://api.x.com/2/users/me) and email extraction path (confirmed_email field)
- Configuration Consistency: Ensure OAuth2 endpoint configuration (AuthURL, TokenURL, AuthStyleInHeader) is correctly applied across examples
- Environment Variable Handling: Review TwitterScope parsing from environment and per-URL configuration instantiation
Poem
🐰 A twitter took flight with PKCE's guard,
Code challenges flowing, no token scarred,
From auth to email, the user flows clear,
OAuth2 blooms bright, the spring season's here! 🌸
Pre-merge checks and finishing touches
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Fix oauth twitter example' directly relates to the changeset which implements Twitter OAuth2 support across multiple files with PKCE flow, configuration, and UI integration. |
| Description check | ✅ Passed | The PR description follows the required template structure with both 'purpose' and 'solution' sections completed, clearly stating the intent to fix Twitter OAuth with correct OAuth flow implementation. |