Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Twitter OAuth #163

Open
lkeix opened this issue Nov 26, 2020 · 4 comments
Open

Support for Twitter OAuth #163

lkeix opened this issue Nov 26, 2020 · 4 comments
Labels
enhancement

Comments

@lkeix
Copy link

lkeix commented Nov 26, 2020

Hi!
Does authn-server provide Twitter OAuth?
If it dosen't, do you have plan to be compatible with Twitter OAuth?
@cainlevy
Copy link
Member

Hello! Twitter has not been implemented yet. If you or anyone else reading this thread is interested in contributing a pull request, the requirements are roughly:

  1. add a new ENV var parser (e.g. TWITTER_OAUTH_CREDENTIALS)
  2. implement a function that uses the final token to retrieve the user's ID & email
  3. add to documentation

Here's a recent example for Microsoft OAuth: f6ea426

@lkeix
Copy link
Author

lkeix commented Nov 27, 2020

Ok!
I grasp roughly requirements. I'll implement the features, send PR.

@cainlevy cainlevy changed the title Does authn-server provide Twitter OAuth? Support for Twitter OAuth Dec 17, 2020
@lkeix
Copy link
Author

lkeix commented Dec 29, 2020

Hi!
I'm implementing Twitter oauth now(I added Twitter Authorization ENV). Twitter OAuth seem more complex than other service's oauth. Twitter's oauth use 3-legged authorization flow. (Please look at detail -> https://developer.twitter.com/ja/docs/basics/authentication/overview/3-legged-oauth)
While, Twitter provide oauth2.0. But, I couldn't get access token through oauth2.0. Twitter oauth2.0 seems can access public data only.

So, we have no choice to use oauth1.0 when we get authorization token from twitter.
Can I implement twitter oauth feature by using other oauth1.0 library(e.g. https://github.com/gomodule/oauth1)?

@cainlevy
Copy link
Member

Sorry, I'm not clear on the issue. AuthN implements most of the 3-legged OAuth2.0 flow. It only requires a custom function to find basic user information at the end, after the request token has been exchanged for the access token.

One complication I've found is that Twitter apps must be configured with permission to ask for email addresses:

The "Request email addresses from users" checkbox is available under the app permissions on developer.twitter.com. Privacy Policy URL and Terms of Service URL fields must be completed in the app settings in order for email address access to function. If enabled, users will be informed via the oauth/authorize dialog that your app can access their email address.

https://developer.twitter.com/en/docs/twitter-api/v1/accounts-and-users/manage-account-settings/api-reference/get-account-verify_credentials

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cainlevy @lkeix