Hi there!
I’m interested in adding Twitter as a social connection for my app. I see that Twitter is one of the options in the social section of the dashboard. However, it uses the legacy version of Twitter auth based on OAuth 1.0a. I would like to use the newer version of Twitter auth based on OAuth 2.0, because it has more granular permissions and a nicer UI.
I tried creating a custom social auth connection, passing in Twitter’s urls for the authorize and token urls, which are https://twitter.com/i/oauth2/authorize and https://api.x.com/2/oauth2/token respectively, as well as my Twitter client ID and secret. However, when I test this I get an error on Twitter’s login page for an invalid request: the request to the authorize endpoint is missing code_challenge and code_challenge_method fields.
This happens even when my app passes a code_challenge and code_challenge_method to Auth0 when redirecting: even if I do this, Auth0 does not pass these parameters along to Twitter when it redirects the user from Auth0 to Twitter. (And even if it did, Auth0 wouldn’t know the appropriate code_verifier to be able to call the token endpoint in the next step of the flow).
I can hardcode a code challenge into the authorize endpoint and a code verifier into the token endpoint in my Auth0 dashboard, but I believe having this be a fixed value defeats the purpose of a code challenge. Is there any way to have Auth0 generate this dynamically, and likewise pass the corresponding code_verifier when calling the token endpoint? Or is there any other way that people know of to get Auth0 to work with Twitter OAuth 2.0?
I found this earlier post which asks the same question, but I don’t think its answer addresses the question as it doesn’t explain how to have Auth0 provide the code challenge and verifier to Twitter when used as a social connection,
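For reference, an added example that is not part of the original post and is not Auth0's or Twitter's code: a sketch of what the party talking to the authorize and token endpoints has to do under PKCE (RFC 7636, S256), generating a fresh code_verifier per authorization request and replaying it exactly once at the token step. The class name, the state-keyed in-memory store, the client ID, redirect URI and scope values are assumptions for illustration.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://twitter.com/i/oauth2/authorize"  # endpoint quoted in the post

def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)), without '=' padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class PkceClient:  # hypothetical helper, not an Auth0 or Twitter API
    def __init__(self, client_id: str, redirect_uri: str):
        self.client_id, self.redirect_uri = client_id, redirect_uri
        self._pending = {}  # state -> code_verifier; assumed in-memory store

    def begin(self, scope: str):
        """Start one login: new state and new verifier, never reused."""
        state = secrets.token_urlsafe(16)
        verifier = secrets.token_urlsafe(32)  # 43 chars, inside RFC 7636's 43..128
        self._pending[state] = verifier
        query = urlencode({
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "scope": scope,
            "state": state,
            "code_challenge": s256_challenge(verifier),
            "code_challenge_method": "S256",
        })
        return state, AUTHORIZE_URL + "?" + query

    def token_request(self, state: str, code: str) -> dict:
        """Form body for the token endpoint; the verifier is consumed on use."""
        verifier = self._pending.pop(state)  # KeyError on unknown or replayed state
        return {
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": self.redirect_uri,
            "client_id": self.client_id,
            "code_verifier": verifier,
        }

def server_accepts(stored_challenge: str, presented_verifier: str) -> bool:
    """The authorization server's check when the code is redeemed."""
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)
```

With a hardcoded challenge and verifier, every login would present the same pair, so the verifier would no longer prove that the caller redeeming the code is the one that started that particular request.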