Skip to content

Twitter OAuth 2.0 Strategy for Passport for accessing Twitter API v2

License

Notifications You must be signed in to change notification settings

superfaceai/passport-twitter-oauth2

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

passport-twitter-oauth2

Passport strategy for authenticating with Twitter using the OAuth 2.0 API.

Twitter announced OAuth 2.0 general availability on 14. 12. 2021. Twitter encourages developers to use Twitter API 2.0 with OAuth 2.0 authentication.

Twitter OAuth 2.0 implementation specifics:

  • PKCE is required
  • OAuth2 client credentials must be passed via Authorization header for private client types

This module lets you authenticate using Twitter in your Node.js applications. By plugging into Passport, Twitter authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install @superfaceai/passport-twitter-oauth2

Usage

Create an Application

Before using @superfaceai/passport-twitter-oauth2, you must register project and an application with Twitter by following these steps:

  • go to https://developer.twitter.com/ and either sign up for a new account or sign in with existing one
  • sign up for Essential access; you will need to verify a phone number for your Twitter account
  • create a project and application (Essential account is limited to a single project and application)
  • in application settings generate OAuth 2.0 Client ID and Client Secret; mind that you cannot view the secret again later, only regenerate it

Configure Strategy

The Twitter authentication strategy authenticates users using a Twitter OAuht2 access token. The OAuth 2.0 Client ID and Client Secret obtained when creating an application are supplied as options when creating the strategy. The strategy also requires a verify callback, which receives the access token and refresh token as arguments, as well as profile which contains the authenticated user's Twitter profile. The verify callback must call cb providing a user to complete authentication.

passport.use(
  new TwitterStrategy(
    {
      consumerKey: TWITTER_CONSUMER_KEY,
      consumerSecret: TWITTER_CONSUMER_SECRET,
      callbackURL: "http://127.0.0.1:3000/auth/twitter/callback",
    },
    function (accessToken, refreshToken, profile, done) {
      User.findOrCreate({ twitterId: profile.id }, function (err, user) {
        return done(err, user);
      });
    }
  )
);

Authenticate Requests

Use passport.authenticate(), specifying the 'twitter' strategy, to authenticate requests.

Do not forget to configure scopes required by your application.

For example, as route middleware in an Express application:

app.get("/auth/twitter", passport.authenticate("twitter"));

app.get(
  "/auth/twitter/callback",
  passport.authenticate("twitter", {
    failureRedirect: "/login",
    scope: ["tweet.read", "tweet.write", "users.read"],
  }),
  function (req, res) {
    // Successful authentication, redirect home.
    res.redirect("/");
  }
);