We’re about to start using the Twitter v2 API, which requires their newly released OAuth2 auth flow.
However, they seem to only support a PKCE-based auth flow, and require the code_challenge and code_challenge_method params for the authorize GET call, and the corresponding code_verifier for the oauth/token POST call.
I can force the code_challenge and code_challenge_method params into the authorize query params using the authParams options field for the connection, but I can’t figure out how to include the code_verifier in the body for the token exchange call.
Is there any way to configure a custom social connection to use PKCE or to modify the token request body?
Also, in general, other than authParams, are there other options available to configure custom social connections? What options are available for the oauth2 strategy?
I understand you have questions about using the Twitter Social Connection.
Yes, it is possible. First, let me explain that your Twitter Social Connection is a type of connection, whereas PKCE is related to your application type. In general, you can use any connection type like database, social, or passwordless to log in to your application. However, in this instance, it appears that Twitter requires an application type that uses PKCE.
In this case, there is the option to use a Single Page Application, Mobile Application, or Native Application to call the authorization code with PKCE, for example, in React Native. By doing so, you will be compliant with PKCE and can authenticate your users onto your application using Twitter.
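The three PKCE parameters named in the question, and where each one travels, shown as an added example (not code from this thread, Auth0, or Twitter). It follows the S256 method of RFC 7636; the function names are hypothetical, and the client ID, redirect URI, state, and code values are supplied by the caller.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")

def b64url_nopad(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    return b64url_nopad(secrets.token_bytes(32))  # 32 bytes -> 43 chars

def s256_challenge(verifier: str) -> str:
    if not _VERIFIER_RE.fullmatch(verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    return b64url_nopad(hashlib.sha256(verifier.encode("ascii")).digest())

def authorize_query(client_id, redirect_uri, state, verifier) -> str:
    # Front channel (browser redirect): only the hash of the verifier is sent.
    return urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })

def token_body(client_id, redirect_uri, code, verifier) -> dict:
    # Back channel (token POST): the raw verifier is revealed exactly once.
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": verifier,
    }

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    # The authorization server's check at the token endpoint.
    try:
        expected = s256_challenge(presented_verifier)
    except ValueError:
        return False
    return hmac.compare_digest(expected, stored_challenge)
```

The verifier has to be kept by whichever component later makes the token request, which is why adding a fixed code_challenge to the authorize query alone cannot complete the flow.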