Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Twitter auth no longer working #492

Open
icvitkovac opened this issue Jan 6, 2024 · 3 comments
Open

Twitter auth no longer working #492

icvitkovac opened this issue Jan 6, 2024 · 3 comments
Labels
bug Bug or defect

Comments

@icvitkovac
Copy link

icvitkovac commented Jan 6, 2024
edited
Loading

Runtime

Node

Runtime version

18.17.1

Module version

13.0.1

Last module version without issue

N/A, as this is failing due to Twitter changes.

Used with

No response

Any other relevant information

Free twitter developer account that has access to 1.1 API (that includes OAuth)

What are you trying to achieve or the steps to reproduce?

Basic twitter Oauth 1.0a example:

const twitterAuthStrategy = {
name: 'twitter',
scheme: 'bell',
options: {
provider: 'twitter',
password: process.env.BELL_PASSWORD,
clientId: process.env.TWITTER_API_KEY,
clientSecret: process.env.TWITTER_API_SECRET,
isSecure: config.isProduction,
location: config.baseUrl,
},
config:{
extendedProfile: true,
getMethod: 'account/verify_credentials.json?include_email=true',
}
};

What was the result you got?

You currently have access to a subset of Twitter API v2 endpoints and limited v1.1 endpoints (e.g. media post, oauth) only. If you need access to this endpoint, you may need a different access level. You can learn more here: https://developer.twitter.com/en/portal/product

code: 453

What result did you expect?

It shouldn't cause twitter to throw 403, because as per official twitter documentation, https://api.twitter.com/1.1/users/show should still work.

Even if additional email "scope" is omitted (so, with the pure basic example that you're providing), result is the same.

So, current plugin should either work for OAuth 1.0a, or it should support Twitter OAuth 2.0.
@icvitkovac icvitkovac added the bug Bug or defect label Jan 6, 2024
@pabueco
Copy link

pabueco commented Jan 9, 2024
edited
Loading

We encountered the same issue and fixed it by disabling the extendedProfile when registering the provider.
This stops bell from trying to load the full user profile (code) and makes the login work again. You still get the users id and username.

server.auth.strategy('twitter', 'bell', {
    provider: 'twitter',
    password: 'cookie_encryption_password_secure',
    clientId: 'my_twitter_client_id',
    clientSecret: 'my_twitter_client_secret',
    config: {
	extendedProfile: false
    }
});

Do you have a link to where it says the /1.1/users/show endpoint should still be accessible?
I only found their deprecation announcement which says that only the media and oauth endpoints will be accessible via the free tier.

@icvitkovac
Copy link
Author

Yeah, but that doesn't provide an user's email (and Twitter V2 doesn't support that yet in https://api.twitter.com/2/users/me).

So it is essentially broken on both ends, at least that basic (but very important) functionality.

Re: deprecation - it never says anywhere that it is deprecated, including in the link you pasted.

@pabueco
Copy link

pabueco commented Jan 9, 2024
edited
Loading

Yes, I only wanted to mention this workaround in case someone does not need the profile/email, but wants to provide a twitter login using this library. But you're right that it's essentially broken.

I didn't say the endpoint was deprecated, just that they deprecated/changed their API access tiers and the endpoint is no longer accessible via the free tier.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Bug or defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@icvitkovac @pabueco