tl;dr
I made this gem.
unasuke / omniauth-twitter2
OmniAuth strategy for authenticating with Twitter OAuth2
OmniAuth::Twitter2
This gem provides an OmniAuth strategy for authenticating with Twitter OAuth2.
Installation
Add this line to your application's Gemfile:
gem 'omniauth-twitter2'
And then execute:
$ bundle install
Or install it yourself as:
$ gem install omniauth-twitter2
Usage
Rails
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter2, ENV["TWITTER_CLIENT_ID"], ENV["TWITTER_CLIENT_SECRET"],
           callback_path: '/auth/twitter2/callback',
           scope: "tweet.read users.read"
end
Auth Hash
{ "provider" => "twitter2",
  "uid" => "108252390",
  "info" => {
    "name" => "うなすけ",
    "email" => nil,
    "nickname" => "yu_suke1994",
    "description" => "帰って寝たい",
    "image" => "https://pbs.twimg.com/profile_images/580019517608218624/KzEZSzUy_normal.jpg",
    "urls" => {
      "Website" => "https://t.co/NCFLB8wDkx",
      "Twitter" => "https://twitter.com/yu_suke1994"
    }
  },
  "credentials" => {
    "token" => "TOKENTOKENTOKENTOKENTOKENTOKEN",
    "expires_at" => 1642016242,
    "expires" => true
  },
  "extra" => {
    "raw_info" => {
      "data" => {
        "profile_image_url" =>
…
This gem is one of the OmniAuth strategies for Twitter, using OAuth 2.0 as the authentication protocol.
We have the omniauth-twitter gem. Why this gem?
Yes, the omniauth-twitter gem is a well-maintained, widely-used gem.
https://github.com/arunagw/omniauth-twitter
But omniauth-twitter uses OAuth 1.0a.
Twitter OAuth 2.0 GA from 2021-12-15
On 2021-12-15, Twitter announced OAuth 2.0 General Availability.
With that release, we can use "new fine-grained permission scopes".
With the older permission model, we could choose only from these three kinds of scopes. That's too coarse.
- Read
- Read and Write
- Read and write and Direct message
But now we can choose just the permissions we need from the following list with OAuth 2.0 (through Twitter API V2):
https://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code
tweet.read, tweet.write, tweet.moderate.write, users.read, follows.read, follows.write, offline.access, space.read, mute.read, mute.write, like.read, like.write, list.read, list.write, block.read, block.write
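One way to keep the scope string passed to the strategy down to what the app needs, as an added example (not code from this post or from omniauth-twitter2). `audit_scopes`, `scopes_ok?` and `SIGN_IN_ONLY` are hypothetical names, and the inputs are constructed.

```ruby
require "set"

# Scopes listed in this post for Twitter OAuth 2.0 (Twitter API v2).
KNOWN_SCOPES = %w[
  tweet.read tweet.write tweet.moderate.write users.read
  follows.read follows.write offline.access space.read
  mute.read mute.write like.read like.write
  list.read list.write block.read block.write
].to_set.freeze

# Hypothetical helper (not part of omniauth-twitter2): audits the
# space-separated scope string given to `provider :twitter2, ...`
# against an allowlist the application declares it needs.
def audit_scopes(scope_string, allowed:)
  requested = scope_string.to_s.split # splits on any whitespace
  allowed = allowed.to_set
  {
    # Typos and scopes that are not in the list above.
    unknown: requested.reject { |s| KNOWN_SCOPES.include?(s) },
    duplicate: requested.select { |s| requested.count(s) > 1 }.uniq,
    # Any *.write scope lets the app act on the user's behalf.
    write: requested.select { |s| s.end_with?(".write") },
    # offline.access asks for a refresh token (longer-lived access).
    long_lived: requested.include?("offline.access"),
    # Requested but not declared as needed by the application.
    not_allowed: requested.uniq.reject { |s| allowed.include?(s) }
  }
end

# True only when every requested scope is known, unique and allowed.
def scopes_ok?(scope_string, allowed:)
  r = audit_scopes(scope_string, allowed: allowed)
  r[:unknown].empty? && r[:duplicate].empty? && r[:not_allowed].empty?
end

# Allowlist for a sign-in-only app (assumption: same scopes as the
# initializer shown in the README excerpt).
SIGN_IN_ONLY = %w[tweet.read users.read].freeze

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the README's scope string, then an
  # over-broad string that also contains a typo.
  p audit_scopes("tweet.read users.read", allowed: SIGN_IN_ONLY)
  p audit_scopes("tweet.read users.read tweet.write offline.access user.read",
                 allowed: SIGN_IN_ONLY)
end
```

Calling `scopes_ok?` from a test or at boot, before the initializer registers the provider, makes a widened scope string show up in review instead of on the user's consent screen.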
OK, how do I use Twitter with OAuth 2.0 in my Rails app?
I created a gem, "omniauth-twitter2".
https://github.com/unasuke/omniauth-twitter2
This is one of the OmniAuth strategies, so it's easy to integrate into your Rails app if you use omniauth (or devise?)
(The "2" means OAuth 2.0; it does not mean a successor of the "omniauth-twitter" gem, because that gem is still working everywhere!)
And I have created a sample application that uses omniauth and omniauth-twitter2.
- URL: https://twitter-login-app.onrender.com/
- Source code: https://github.com/unasuke/twitter-login-app
This app only signs in with twitter, but it's enough to show how to implement "sign in with Twitter".
Attention
If you want to use the OAuth 2.0 API in your Twitter app, you should move your app under a "Project". You can't use OAuth 2.0 in your app if the app is still a "Standalone app".
...And I'm not a specialist in authentication. Please send me a pull request or open an issue if you find a bug.
I'd be glad if you starred the GitHub repository or shared the post, if you want!
📝 Original post: https://blog.unasuke.com/2022/how-to-authenticate-twitter-account-by-oauth-2/