unasuke (Yusuke Nakamura)

omniauth-twitter2 gem - How to authenticate twitter account by OAuth 2.0 on your Rails app?

tl;dr

I made this gem.

unasuke / omniauth-twitter2

OmniAuth strategy for authenticating with Twitter OAuth2

OmniAuth::Twitter2


This gem provides an OmniAuth strategy for authenticating with Twitter OAuth2.

Installation

Add this line to your application's Gemfile:

gem 'omniauth-twitter2'

And then execute:

$ bundle install

Or install it yourself as:

$ gem install omniauth-twitter2

Usage

Rails

# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter2, ENV["TWITTER_CLIENT_ID"], ENV["TWITTER_CLIENT_SECRET"], callback_path: '/auth/twitter2/callback', scope: "tweet.read users.read"
end

Auth Hash

  { "provider" => "twitter2",
    "uid" => "108252390",
    "info" => {
      "name" => "うなすけ",
      "email" => nil,
      "nickname" => "yu_suke1994",
      "description" => "帰って寝たい",
      "image" => "https://pbs.twimg.com/profile_images/580019517608218624/KzEZSzUy_normal.jpg",
      "urls" => {
        "Website" => "https://t.co/NCFLB8wDkx",
        "Twitter" => "https://twitter.com/yu_suke1994"
      }
    },
    "credentials" => {
      "token" => "TOKENTOKENTOKENTOKENTOKENTOKEN",
      "expires_at" => 1642016242,
      "expires" => true
    },
    "extra" => {
      "raw_info" => {
        "data" => {
          "profile_image_url" =>

This gem is one of the OmniAuth strategies for Twitter, using OAuth 2.0 for the authentication protocol.

We have the omniauth-twitter gem. Why this gem?

Yes, the omniauth-twitter gem is a well-maintained, widely-used gem.

https://github.com/arunagw/omniauth-twitter

But omniauth-twitter uses OAuth 1.0a.

Twitter OAuth 2.0 GA from 2021-12-15

On 2021-12-15, Twitter announced OAuth 2.0 General Availability.

With that release, we can use "new fine-grained permission scopes".

Under the older permission model, we could choose only among these three kinds of scopes. That's too coarse.

  • Read
  • Read and Write
  • Read and write and Direct message


But now, with OAuth 2.0 (through Twitter API v2), we can choose just the permissions we need from this list:

https://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code

tweet.read, tweet.write, tweet.moderate.write, users.read, follows.read, follows.write, offline.access, space.read, mute.read, mute.write, like.read, like.write, list.read, list.write, block.read, block.write
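
An added example (not from the post or the omniauth-twitter2 project): a boot-time least-privilege check on the `scope:` string, built on the scope list above. The helper names and the `NEEDED` policy are hypothetical.

```ruby
require "set"

# Scopes listed on this page for Twitter OAuth 2.0 (Twitter API v2).
KNOWN_SCOPES = %w[
  tweet.read tweet.write tweet.moderate.write users.read follows.read
  follows.write offline.access space.read mute.read mute.write like.read
  like.write list.read list.write block.read block.write
].to_set.freeze

# Hypothetical helper, not part of omniauth-twitter2.
# scope_string: the space-delimited value passed as `scope:` to the provider.
# needed: the scopes the app's features actually require (assumed policy).
def audit_scopes(scope_string, needed:)
  requested = scope_string.to_s.split.uniq
  {
    unknown: requested.reject { |s| KNOWN_SCOPES.include?(s) }, # typos, commas
    missing: needed - requested,
    excess: requested - needed,                                  # scope creep
    write: requested.select { |s| s.end_with?(".write") },
    long_lived: requested.include?("offline.access")            # refresh tokens
  }
end

# Raises at boot instead of silently asking users for more than the app needs.
def least_privilege_scope!(scope_string, needed:)
  report = audit_scopes(scope_string, needed: needed)
  problems = report.slice(:unknown, :missing, :excess).reject { |_, v| v.empty? }
  raise ArgumentError, "scope check failed: #{problems.inspect}" unless problems.empty?

  scope_string
end

# Constructed sample values: sign-in only, as in the initializer on this page.
NEEDED = %w[tweet.read users.read].freeze
SCOPE = least_privilege_scope!("tweet.read users.read", needed: NEEDED)
```

In the initializer, `SCOPE` would be passed as `scope: SCOPE`, so a comma-separated string or an unreviewed extra scope stops the app at boot.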

OK, how do I use Twitter with OAuth 2.0 in my Rails app?

I created a gem, "omniauth-twitter2".

https://github.com/unasuke/omniauth-twitter2

This is one of the OmniAuth strategies, so it's easy to integrate into your Rails app if you use OmniAuth (or Devise?).

("2" means OAuth 2.0; it does not mean a successor to the "omniauth-twitter" gem, because that gem still works everywhere!)

And I have created a sample application that uses omniauth and omniauth-twitter2.

This app only signs in with Twitter, but it's enough to show how to implement "sign in with Twitter".

Attention

If you want to use the OAuth 2.0 API in your Twitter app, you should move your app under a "Project". You can't use OAuth 2.0 in your app if the app is still a "Standalone app".


...And I'm not a specialist in authentication. Please send me a pull request or open an issue if you find a bug.

I'd be glad if you starred the GitHub repository or shared the post, if you want!

📝 Original post: https://blog.unasuke.com/2022/how-to-authenticate-twitter-account-by-oauth-2/
