How to access to user token and token_secret Twitter

pippocicirelli · February 26, 2020, 5:31pm

Hi, I used this guide to create a personalized Twitter connection that uses oauth1.

Once logged in I can only view the accessToken and idToken, the information I need is the token and token_secret of the logged in user.

Link documentation Twitter OAuth1.0a

how do I get them?

Thank you

dan.woda · February 27, 2020, 10:01pm

Hi @pippocicirelli,

Have you tried following this doc:

Let me know,
Dan

thomas.osborn · March 9, 2020, 11:51pm

Hi pippocicirelli!

It looks to me like these would come through the script you defined for the getUserProfile function:

function(token, tokenSecret, ctx, callback){

so although have no tried that myself, I’m assuming you the token and tokenSecret are what you are after.

Please let me if know that works for you.

pippocicirelli · March 12, 2020, 1:37pm

Hi @thomas.osborn,

exact! It seems that this information is stored and then accessible only by an api https://DOMAIN/api/v2/users/USER_ID under the json entry:

“identities”: [
{
“provider”: “oauth1”,
“access_token”: “ACCESS_TOKEN_TWITTER”,
“access_token_secret”: “ACCESS_TOKEN_SECRET_TWITTER”,
“user_id”: “USER_ID”,
“connection”: “custom-twitter”,
“isSocial”: true
}
]

I would like the Twitter token and secret to be returned after the user performs the login operation:

this.Client.authorize(options, (err, authResult) => {
}

So in authResult together with the accessToken, expiresIn, tokenType information is it possible to add also the Twitter tokens? Possibly I would like to avoid adding this information to the jwt token.

Thank you

thomas.osborn · March 12, 2020, 11:28pm

Hi pippocicirelli,

I didn’t try this with Yahoo, but at least with Google connections when the rule runs the access token is available in the identities array of the user object.

If the token and token secret are also visible in the identities array from within a rule, you could send them back with the access token or ID token, or post them somewhere.

Does that make sense? Please let me know if that works.

pippocicirelli · March 13, 2020, 8:12am

It makes sense, for now I managed to create a RULE that does something like this:

rule

function (user, context, callback) {

context.idToken['https://example.com/access_token'] = user.identities[0].access_token;
context.idToken['https://example.com/access_token_secret'] = user.identities[0].access_token_secret;

I don’t like this solution, because it inserts the twitter tokens into the jwt contained in the idToken parameter.

What I would like to do is hang Twitter tokens to the token response generated by auth0. How can I do?

thomas.osborn · March 17, 2020, 9:36pm

Uou either have to do what you’re doing now, or make a separate request to the management API. I understand why it would be useful to return the third party IdP token as just another part of the response, but it can’t be done.

dan.woda · April 1, 2020, 1:37am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.