We’re about to start using the Twitter v2 API, which requires their newly released OAuth2 auth flow.
However, they seem to only support a PKCE-based auth flow, and require the code_challenge_method params for the authorize GET call, and the corresponding code_verifier for the oauth/token POST call.
I can force the code_challenge_method params into the authorize query params using the authParams options field for the connection, but I can’t figure out how to include the code_verifier in the body for the token exchange call.
Is there any way to configure a custom social connection to use PKCE or to modify the token request body?
Also, in general, other than authParams, are there other options available to configure custom social connections? What options are available for the oauth2 strategy?
Welcome to the Auth0 Community!
I understand you have questions about using the Twitter Social Connection.
Yes, it is possible. First let me explain that your Twitter Social Connection is a type of connection, whereas PKCE is related to your application type. In general, you can use any connection type like database, social, or passwordless to log in to your application. However, in this instance, it appears that Twitter requires an application type that uses PKCE.
In this case, there is the option to use a Single Page Application, Mobile Application, or Native Application to call the authorization code with PKCE. For example, in React Native. From doing so, you will be compliant with PKCE and can authenticate your users onto your application using Twitter.
If you have a moment, please take a look at our Add login using the authorization code with PKCE to learn more.
Hope this helps!
Please do not hesitate to reach out if you have any questions.
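For reference, the two PKCE values discussed in this thread and where each one travels, as an added Node.js example that is not part of either post and is not Auth0 or Twitter code. It follows RFC 7636 with the S256 method; the function names and the clientId, redirectUri, scope and state fields are hypothetical placeholders.

```javascript
// Added example: names and sample values below are constructed placeholders.
const crypto = require('node:crypto');

// RFC 7636 section 4.1: 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9._~-]{43,128}$/;

// 32 random bytes encode to a 43-character base64url string (no padding).
function createVerifier() {
  return crypto.randomBytes(32).toString('base64url');
}

// S256 transform: BASE64URL(SHA256(ASCII(code_verifier))).
function challengeFor(verifier) {
  if (!VERIFIER_RE.test(verifier)) throw new Error('malformed code_verifier');
  return crypto.createHash('sha256').update(verifier, 'ascii').digest().toString('base64url');
}

// Query string for the authorize GET call: only the challenge leaves the client here.
function authorizeParams({ clientId, redirectUri, scope, state }, verifier) {
  return new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    code_challenge: challengeFor(verifier),
    code_challenge_method: 'S256',
  });
}

// Form body for the token POST call: the verifier is revealed only now.
function tokenBody({ clientId, redirectUri }, code, verifier) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    redirect_uri: redirectUri,
    code,
    code_verifier: verifier,
  });
}

// Server-side check at token exchange: recompute the challenge and compare.
function serverAccepts(storedChallenge, presentedVerifier) {
  if (!VERIFIER_RE.test(presentedVerifier)) return false;
  const got = Buffer.from(challengeFor(presentedVerifier));
  const want = Buffer.from(String(storedChallenge));
  return got.length === want.length && crypto.timingSafeEqual(got, want);
}
```

The verifier has to be kept by whichever party starts the authorize request until it performs the token exchange, because the server only accepts the code when the verifier hashes to the challenge it stored.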