Twitter auth degraded since change to x.com

[billy-the-ape]

Wrote up details here: #10967

Not sure why this was closed. This issue can be reproduced with the example repo.

The main issue here is on x/twitter's end. But there will probably need to be a change to the default config for the TwitterProvider in next-auth to point to the correct place, once x.com is fixed on their end.

The issue is this: since Twitter now redirects all urls to x.com - if a user is logged into twitter with one account, they can be logged into a different user on x.com by switching to another account on x.com. So basically, it is impossible to easily switch your account at twitter.com anymore - it can only be done by clearing those cookies and logging in again with the other account, then the oauth flow to twitter.com will work as desired.

Unfortunately it seems that x.com doesn't (yet?) work properly, and so setting up a custom provider with the twitter config in this repo, but changing twitter.com to x.com doesn't seem to work. It is annoying - it seems twitter just kinda soft broke this functionality by changing their url.

There is a related twitter api forum post with very little activity here: https://devcommunity.x.com/t/oauth-authorization-issue-with-unexpected-accounts/219919/2

---

How to reproduce

1. Be signed into an account at twitter.com (say with your business account)
2. Sign into an app with twitter
3. Say oh no I meant to sign in with my main account and was on my business one
4. Go to twitter.com to change your account
5. you are redirected to X.com. Change your active logged in account
6. Try to log back in using the app from step 2

Your business account is still active (on api.twitter.com/oauth/authenticate)

Since your login status at x.com and twitter.com do not remain in sync, there is no obvious way to switch your account.

Clearing cookies at twitter.com will allow a user to change their account. But this is something many users wouldn't think to do and creates issues.