lucia-auth / lucia

Authentication, simple and clean
https://lucia-auth.com
MIT License
9.24k stars 469 forks

[Feature Request]: Twitter OAuth1 Provider #289

Closed JohnRSim closed 1 year ago

JohnRSim commented 1 year ago

Package

lucia-auth

Describe the problem

Previously I was using SvelteKit Auth.

The issue is - "OAuth 2.0 can only be used with the Twitter API v2."

The problem with this is that the Twitter v2 API still only has limited support for all the features.

Some examples of limitations with v2 that you can only do with v1 -

- media upload
- user email retrieval
- activity API
- bookmark API

Describe the proposed solution

It would be great to be able to use Lucia-auth with a built in Twitter provider.

Alternatives considered

Looking at SK-Auth

or

Supabase https://supabase.com/docs/guides/auth/auth-helpers/sveltekit https://github.com/supabase/auth-helpers/tree/main/packages/sveltekit

Additional information

Unfortunately, with Supabase and the Twitter provider, you cannot get access to the secret token returned by Twitter.

No response

pilcrowOnPaper commented 1 year ago

Ok 2 things:

  1. OAuth 1 seems to be such a pain to do
  2. I thought about doing it right now but since I don't have experience working with v1, I'll hold this off until I have enough time on my hands

JohnRSim commented 1 year ago

I understand ;) - Keep up the great work! Just set up your SvelteKit example and playing with it now with GitHub / Prisma ;)

I'll take a look at using SK-Auth approach using this twitter-api-v2 package https://github.com/plhery/node-twitter-api-v2/blob/HEAD/doc/auth.md and tie it in with lucia createUser as a tmp quick solution :)

JohnRSim commented 1 year ago

@pilcrowOnPaper Created a very, very rough gist example using twitter-api-v2 with sveltekit to handle the OAuth1. https://gist.github.com/JohnRSim/db5c8378707e8ab7011a956ffeab1115

Let me know if you see any issue with this - thanks :)

pilcrowOnPaper commented 1 year ago

Does cookies.delete() work? I've heard you need to specify the route. Other than that, looks good to me.

JohnRSim commented 1 year ago

Yup, cookies.delete works. I had to change the cookies path on set from / to the active path. It's deleting fine when I check the Chrome console.

Great - so far everything's working smoothly. The only thing that caught me out, as I'm new to Prisma, is having to run push db when updating the schema, otherwise I get errors in Prisma Studio.
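
The cookie-path point raised above, as an added example that is not part of the thread or of the linked gist: a small model of how a browser cookie store matches a deleting `Set-Cookie` against stored cookies (RFC 6265), showing that a delete sent with a different path leaves the original cookie in place. The cookie name `oauth_token_secret`, its value and the `/auth/twitter` routes are constructed for illustration, and the model assumes a single host and handles only `Max-Age`.

```javascript
// Simplified browser cookie store after RFC 6265 section 5.3. A cookie is keyed
// by name + domain + path; domain is left out here (single host, an assumption).

// RFC 6265 section 5.1.4: the path used when Set-Cookie carries no Path attribute.
function defaultPath(requestPath) {
  if (!requestPath.startsWith('/')) return '/';
  const last = requestPath.lastIndexOf('/');
  return last === 0 ? '/' : requestPath.slice(0, last);
}

function parseSetCookie(header, requestPath) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    path: defaultPath(requestPath),
    maxAge: null, // only Max-Age is modelled; Expires is ignored here
  };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    if (key.toLowerCase() === 'path' && val.startsWith('/')) cookie.path = val;
    if (key.toLowerCase() === 'max-age' && /^-?\d+$/.test(val)) cookie.maxAge = Number(val);
  }
  return cookie;
}

// Store, replace or evict. Eviction only hits the entry with the same name AND path.
function applySetCookie(jar, header, requestPath) {
  const c = parseSetCookie(header, requestPath);
  const key = `${c.name}|${c.path}`;
  jar.delete(key);
  if (c.maxAge === null || c.maxAge > 0) jar.set(key, c.value);
  return jar;
}

// Constructed scenario: a temporary token-secret cookie scoped to the auth route.
function demo() {
  const jar = new Map();
  applySetCookie(jar, 'oauth_token_secret=s3cr3t; Path=/auth/twitter; HttpOnly; Max-Age=600', '/auth/twitter/login');
  applySetCookie(jar, 'oauth_token_secret=; Path=/; Max-Age=0', '/auth/twitter/callback');
  const afterWrongPath = [...jar.keys()]; // the secret is still stored
  applySetCookie(jar, 'oauth_token_secret=; Path=/auth/twitter; Max-Age=0', '/auth/twitter/callback');
  return { afterWrongPath, afterRightPath: [...jar.keys()] };
}
```

When checking a real flow, confirm in the browser's cookie view that the temporary cookie is gone after the callback rather than relying on the delete call having run.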

pilcrowOnPaper commented 1 year ago

Ok, I tried to do this again, but it was such a pain in the ass to do and I gave up. I did make sure it was possible to add this without a breaking change, so I'll tackle this post-1.0.

cusxio commented 1 year ago

What about Twitter OAuth 2.0? Would that be more straightforward?

pilcrowOnPaper commented 1 year ago

OAuth 2.0 (likely) would be much easier

cusxio commented 1 year ago

Do you think it makes sense to have two providers then? One for 1.0 and one for 2.0.

I ask this 'cause I'm eager to try lucia out. I can technically write my own Twitter provider, but it seems that most of the utils needed to write a provider are not exported?

Torbet commented 1 year ago

Any update here on using Twitter OAuth 2?

pilcrowOnPaper commented 1 year ago

This may be unpopular, but I've decided to not implement Twitter OAuth 1.0a. It's an archaic spec that was deprecated over 10 years ago. I do not think it's worth the effort to add and maintain an OAuth 1.0a implementation, especially to support just one (admittedly large) provider. We are not supporting CJS for the same reasons.

That said, I'm planning to add Twitter OAuth 2.0 with PKCE.