Error when logging in with Twitter connection

Problem Statement:

When attempting to complete a login through the built-in Twitter connection the following error is returned:

{
  "error": "invalid_request",
  "error_description": "You currently have Essential access which includes access to Twitter API v2 endpoints only. If you need access to this endpoint, you’ll need to apply for Elevated access via the Developer Portal. You can learn more here: https://developer.twitter.com/en/docs/twitter-api/getting-started/about-twitter-api#v2-access-leve"
}

Investigation:

To confirm that the issue lies solely on the Twitter side and is not related to the Auth0 integration, use an application such as Postman or Insomnia to send a test request directly to a Twitter v1.1 API endpoint. If the same error is returned when calling the Twitter v1.1 API directly, the consumer API key in use does not have adequate access.

The test can be performed with a GET request to https://api.twitter.com/1.1/account/verify_credentials.json, using the built-in support in Postman or Insomnia to handle OAuth 1.0 request creation automatically. The required information (Consumer Key, Consumer Secret, Token Key, and Token Secret) can be obtained from the Twitter Developer Portal.
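The same direct check can be scripted instead of run from Postman or Insomnia. This is an added example, not Auth0 or Twitter code: it signs the request with OAuth 1.0 HMAC-SHA1 using only the Python standard library, and the environment variable names and the `classify` labels are assumptions made for illustration.

```python
import base64, hashlib, hmac, os, secrets, time
import urllib.error, urllib.parse, urllib.request

URL = "https://api.twitter.com/1.1/account/verify_credentials.json"

def pct(s):
    # OAuth 1.0 percent-encoding: only RFC 3986 unreserved characters stay literal
    return urllib.parse.quote(str(s), safe="-._~")

def base_string(method, url, params):
    # METHOD & encoded URL & encoded, sorted "k=v" pairs
    pairs = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), pct(url), pct(pairs)])

def auth_header(method, url, ck, cs, tk, ts, nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": ck,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": tk,
        "oauth_version": "1.0",
    }
    key = f"{pct(cs)}&{pct(ts)}".encode()  # consumer secret & token secret
    digest = hmac.new(key, base_string(method, url, oauth).encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))

def classify(status, body):
    # Labels are hypothetical; matching uses the wording of the error shown on this page
    if status == 200:
        return "ok"
    if "Essential access" in body or "Elevated access" in body:
        return "needs_elevated_access"
    return "other_error"

def check(ck, cs, tk, ts):
    # Sends the signed GET; an HTTP error body is classified rather than raised
    hdr = {"Authorization": auth_header("GET", URL, ck, cs, tk, ts)}
    req = urllib.request.Request(URL, headers=hdr)
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            return classify(r.status, r.read().decode())
    except urllib.error.HTTPError as e:
        return classify(e.code, e.read().decode(errors="replace"))

if __name__ == "__main__":
    # Assumed variable names; read secrets from the environment, not from argv
    names = ("TW_CONSUMER_KEY", "TW_CONSUMER_SECRET", "TW_TOKEN", "TW_TOKEN_SECRET")
    print(check(*(os.environ[n] for n in names)))
```

A result of `needs_elevated_access` reproduces the error without Auth0 in the path, which points at the Twitter developer account or app configuration.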

Cause:

The built-in Twitter social connection relies on the Twitter v1.1 API, which in turn follows OAuth 1.0 rules. After the connection was originally made available, Twitter released a v2 API based on OAuth 2.0 rules and limited access to v1.1 API endpoints to developer accounts that already existed before v2 was available, or to accounts that were created after v2 was available but explicitly requested access to the v1.1 API. The request to access v1.1 API endpoints is referred to as a request for Elevated access, as mentioned in "Getting Started with the Twitter API" (Twitter Developer Platform docs).

Two reasons could cause this error:

  1. The consumer API key/secret in use is associated with a developer account that does not have elevated access.
  2. The account has elevated access, but the key belongs to a project or application that is configured in the Twitter developer portal without OAuth 1.0 authentication enabled.

Solution:

We need to ensure that:

  1. v1.1 access (elevated access) is available for the consumer key being associated with the Auth0 connection.
  2. the project/application configured in the Twitter developer portal has OAuth 1.0 authentication enabled.