-
-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
twitter oauth now required to use oauth2 - unless you have elevated access #111
Comments
I have tried to check this new API and it is confusing for real. It is not even clear to me if twitter even allow the usual oauth2, as in some parts of documentation it shows app-only basic auth. Some other places sort of hinting about the normal flow and I think the 2 endpoints we need (AuthURL, and TokenURL) are The page about APIv2 marked as "Early access", so I'm not sure if it is for real, or just outdated documentation. It is also unclear what scopes are supported (they mentioned scopes, but I was't able to found the list) and what the API v2 way to get user info (maybe /me? not sure) If we know answers, all we need to do is to add // NewTwitterV2 makes twitter oauth2 provider with API v2
func NewTwitterV2(p Params) Oauth2Handler {
return initOauth2Handler(p, Oauth2Handler{
name: "twitter_v2",
scopes: []string{},
endpoint: oauth2.Endpoint{
AuthURL: "https://api.twitter.com/2/oauth2/authorize",
TokenURL: "https://api.twitter.com/2/oauth2/token",
},
infoURL: "https://api.twitter.com/1.1/account/verify_credentials.json",
mapUser: func(data UserData, _ []byte) token.User {
userInfo := token.User{
ID: "twitter_" + token.HashID(sha1.New(), data.Value("id_str")),
Name: data.Value("screen_name"),
Picture: data.Value("profile_image_url_https"),
}
if userInfo.Name == "" {
userInfo.Name = data.Value("name")
}
return userInfo
},
})
} |
As an additional note: I applied for Elevated access and was approved so I can access twitter logins in fine on my side but I was also severely confused by things in the API documentation for twitter. I think this will be a good thing to have because from what I understand, there's plans to move off of the older API versions...eventually? (Again, the docs aren't super clear) I can do a bit of research on my side with what you've given and see if I can get it to work, I'll post back here if I find anything else out. |
If someone figures out how to properly request currently working Twitter auth, please update https://github.com/go-pkgz/auth#twitter-auth-provider and https://github.com/umputun/remark42/blob/master/site/src/docs/configuration/authorization/index.md#twitter |
So I did a bit of research and it doesn't look like (at the moment) there's an equivalent 2.0 endpoint for The process looks fairly easy but it would probably require a similar setup to the Apple flow that is currently in use - so we'd need to make a separate file for it and all that. I could add this in as a "secondary" option if we think it's worth it? |
As per this statement on twitter's developer website (https://developer.twitter.com/en/docs/twitter-api/getting-started/about-twitter-api):
New users are locked in to using oauth2 unless they apply for elevated access, which puts you on a wait list. This conflicts with the existing oauth1 implementation for twitter and I feel that the best way to go forward is to add an oauth2 method for it along with oauth1 so that things don't break for existing users, but allow new users the ability to use twitter easily.
It looks like @nbys was the one who did this pr for adding oauth1 implementation - how easy would it be to add in oauth2? I'm not super familiar with go but I could probably take a stab at it myself, I'm just not sure how to handle the whole "allow both oauth1 and oauth2" debacle.
The text was updated successfully, but these errors were encountered: