robotdan
commented
1 year ago Twitter has supported OAuth for a long time, however - as far as I am aware this authentication is only available for application developers integrating with their APIs - and not for the "Login with Twitter" button.
https://developer.twitter.com/en/docs/authentication/guides/log-in-with-twitter
https://developer.twitter.com/en/docs/authentication/oauth-2-0
OAuth 2.0 Bearer Token authenticates requests on behalf of your developer App. As this method is specific to the App, it does not involve any users. This method is typically for developers that need read-only access to public information.
If Twitter does support OAuth 2.0 (Auth code grant) for login, then we should definitely use it, but I don't believe this is possible.
mooreds
Update Twitter to Use OAuth 2
Problem
Currently we support OAuth1.0 for twitter https://fusionauth.io/docs/v1/tech/apis/identity-providers/twitter
Looks like Twitter supports OAuth2 now: https://developer.twitter.com/en/docs/authentication/oauth-2-0
This would let us store the refresh token and probably simplify the codebase. Maybe keep the old identity provider around and add a Twitterv2?
Solution
We should update the twitter identity provider to use the newer protocol.
Alternatives/workarounds
n/a
Additional context
Came up in a twitter DM conversation with a community member.
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.