Passport strategy for authenticating with Twitter using the OAuth 2.0 API.
Twitter announced OAuth 2.0 general availability on 14. 12. 2021. Twitter encourages developers to use Twitter API 2.0 with OAuth 2.0 authentication.
Twitter OAuth 2.0 implementation specifics:
- PKCE is required
- OAuth2 client credentials must be passed via Authorization header for private client types
This module lets you authenticate using Twitter in your Node.js applications. By plugging into Passport, Twitter authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
$ npm install @superfaceai/passport-twitter-oauth2
Before using @superfaceai/passport-twitter-oauth2
, you must register project and an application with Twitter by following these steps:
- go to https://developer.twitter.com/ and either sign up for a new account or sign in with existing one
- sign up for Essential access; you will need to verify a phone number for your Twitter account
- create a project and application (Essential account is limited to a single project and application)
- in application settings generate OAuth 2.0 Client ID and Client Secret; mind that you cannot view the secret again later, only regenerate it
The Twitter authentication strategy authenticates users using a Twitter OAuht2 access token.
The OAuth 2.0 Client ID and Client Secret obtained when creating
an application are supplied as options when creating the strategy. The strategy
also requires a verify
callback, which receives the access token and
refresh token as arguments, as well as profile
which contains the
authenticated user's Twitter profile. The verify
callback must call cb
providing a user to complete authentication.
passport.use(
new TwitterStrategy(
{
consumerKey: TWITTER_CONSUMER_KEY,
consumerSecret: TWITTER_CONSUMER_SECRET,
callbackURL: "http://127.0.0.1:3000/auth/twitter/callback",
},
function (accessToken, refreshToken, profile, done) {
User.findOrCreate({ twitterId: profile.id }, function (err, user) {
return done(err, user);
});
}
)
);
Use passport.authenticate()
, specifying the 'twitter'
strategy, to
authenticate requests.
Do not forget to configure scopes required by your application.
For example, as route middleware in an Express application:
app.get("/auth/twitter", passport.authenticate("twitter"));
app.get(
"/auth/twitter/callback",
passport.authenticate("twitter", {
failureRedirect: "/login",
scope: ["tweet.read", "tweet.write", "users.read"],
}),
function (req, res) {
// Successful authentication, redirect home.
res.redirect("/");
}
);