Authenticates a user via their Twitter account.
OAuth1 operations are performed against the following OAuth1 endpoints, requiring "read only" privileges:
- Authorization: https://api.twitter.com/oauth/authenticate
- Token retrieval: https://api.twitter.com/oauth/access_token
- User details: https://api.twitter.com/1.1/account/verify_credentials.json
A Twitter app must be created requiring "read only" privileges and the additional "Request email address from users" option checked. The app's API Key and secret must then be provided as parameters to the Twitter provider as clientId and secret respectively.
Parameters
As well as the parameters described in Base Provider Parameters, the following must be set in the params object.
| Name | Type | Description |
|---|---|---|
| clientId | String, required | The Twitter app's Consumer Key (the API Key). |
| secret | String, required | The Twitter apps Consumer Secret (the API Secret). |
User Profile Data
We request the following information from Twitter about a user. The properties are automatically mapped to the Authentication Worker's UserProfile class. These properties are then mapped to actual fields in a site user's profile, following the mappings set up in the
| Twitter Property | Mapped To | Description |
|---|---|---|
| id | UNIQUEID | Twitter's unique user identifier. |
| name | PREFERREDNAME | Formatted as "name (@screen_name)". Due to the nature of Twitter the name may very well make no sense, contain emojis, polarising opinions etc. |
| screen_name | SCREENNAME | The user's screen name, eg @myscreenname |
| The user's email address. This is only passed through when the additional "Request email address from users" privilege option is checked when setting up the Twitter App. |
See the Linking Providers, Account and Profile Management article for information about how profiles and email addresses are updated.
Configuration Example
{
"providerName": "twitter",
"providerDisplayName": "Twitter",
"type": "twitter",
"userPrefix": "T_",
"params": {
"clientId": "twitterGeneratedApiKey",
"secret": "twitterGeneratedSecret",
"checkConsentToStoreData": true,
"failIfConsentNotGiven": true
}
}
Setup
These notes are for guidance only, Twitter may change things their end!
- Create a Twitter app, specifying the required fields (name, description, website, etc)
- Enter a callback URL as not entering a value will disable callbacks entirely
- The value of the callback URL entered here isn't actually used as it is dynamically specified in the OAuth request. However, good practice dictates that it should be set to the reentry method of the Auth worker, eg https://mywebsite.com/apiserver/auth/http/reentry
- Do not check "Lock Callback URL" as the callback URL will never match the value specified above due to constantly changing URL parameters (as and asn) on the callback URL
- Specify a Privacy Policy URL (required if email addresses are to be provided by twitter)
- Specify a Terms of Service URL (required if email addresses are to be provided by twitter)
- Ensure "Allow this application to be used to sign in with Twitter" is checked
- Acquire a Consumer Key (API Key) and a Consumer Secret (API Secret). Supply these as the value of the clientId and secret provider configuration parameters respectively
- Ensure the access level is set to "Read only", and that "Request email addresses from users" is checked (this will require a suitable Privacy Policy URL and Terms of Service URL to be specified)
Share this page
