Twitter recommends that the majority of developers start to think about migrating to v2 of the API.
This package is a Passport strategy for authenticating with Twitter using the OAuth 2.0 API.
By plugging into Passport, Twitter authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
$ npm install passport-twitter-oauth2.0
Please note that Twitter requires clients to use PKCE (RFC 7636) when authenticating with OAuth 2.0. When using PKCE with Passport, clients are required to enable sessions. Furthermore, the options object passed to the strategy has to specify pkce=true and state=true.
import passport from "passport";
import TwitterStrategy from "passport-twitter-oauth2.0";

passport.use(
  new TwitterStrategy(
    {
      clientID: TWITTER_CLIENT_ID,
      clientSecret: TWITTER_CLIENT_SECRET,
      callbackURL: YOUR_CALLBACK_URL,
      clientType: "public", // "public" or "private"
      pkce: true, // required
      state: true, // required
    },
    // Verify callback: map the Twitter profile to a local account.
    // User is your application's own user model.
    function (accessToken, refreshToken, profile, done) {
      User.findOrCreate({ twitterId: profile.id }, function (err, user) {
        return done(err, user);
      });
    }
  )
);
Use passport.authenticate(), specifying the 'twitter' strategy, to authenticate requests.
For example, as route middleware in an Express application:
app.get(
  "/auth/twitter",
  passport.authenticate("twitter", { scope: ["offline.access"] })
);

app.get(
  "/auth/twitter/callback",
  passport.authenticate("twitter", { failureRedirect: "/login" }),
  function (req, res) {
    // Successful authentication, redirect home.
    res.redirect("/");
  }
);
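The following sketch, added here and not taken from passport-twitter-oauth2.0 or Passport, shows why pkce=true and state=true depend on sessions: the state value and the PKCE code_verifier (RFC 7636, S256 method) created when the login starts must still be available when the callback request arrives. The function names and the plain object standing in for req.session are assumptions made for illustration.

```javascript
// Added illustration, not library source. All function names are hypothetical.
const crypto = require("node:crypto");

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function s256Challenge(verifier) {
  return crypto.createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// Step 1 (the /auth/twitter request): create per-login secrets and keep them
// server-side in the session; only state and the challenge go in the redirect.
function beginAuthorization(session) {
  const state = crypto.randomBytes(16).toString("base64url");
  const verifier = crypto.randomBytes(32).toString("base64url"); // 43 characters
  session.oauth = { state, verifier };
  return { state, code_challenge: s256Challenge(verifier), code_challenge_method: "S256" };
}

// Constant-time string comparison for the state check.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 2 (the callback request): the session must still hold what step 1 stored.
// Returns the verifier to send with the token request, or throws.
function completeAuthorization(session, query) {
  const saved = session.oauth;
  delete session.oauth; // single use, whether or not the check passes
  if (!saved) throw new Error("no session state: sessions disabled or cookie lost");
  if (!safeEqual(saved.state, query.state)) throw new Error("state mismatch");
  return saved.verifier;
}

// Constructed walk-through: one object plays the role of req.session.
function demo() {
  const session = {};
  const redirectParams = beginAuthorization(session);
  const callbackQuery = { state: redirectParams.state, code: "constructed-code" };
  const verifier = completeAuthorization(session, callbackQuery);
  // The authorization server performs this same comparison at the token endpoint.
  return s256Challenge(verifier) === redirectParams.code_challenge;
}
```

Without a session, step 2 has nothing to compare against and the login fails, which is the reason sessions must be enabled.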