Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Twitter OAuth2 support
See original GitHub issueIs there an existing issue for this?
- I have searched the existing issues
Is your feature request related to a problem? Please describe the problem.
The current Twitter authentication implementation uses OAuth1a. Twitter now supports OAuth2 which is much simpler to work with and maintain. It almost works with the default OAuth base class, except that the clientid and secret need to be sent to the token endpoint in the authorization header rather than the body.
Describe the solution you’d like
Consider any or all of the following: A) Deprecate the OAuth1a implementation. Updating the implementation in place to OAuth2 would be breaking anyways. B) Implement a new OAuth2 Twitter auth handler. This could be done here in ASP.NET Core 7 or in aspnet-contrib, they’d ship faster and give downlevel support.
Additional context
Here’s some sample code based on our SocialSample that gets Twitter OAuth2 working in a minimal way. This doesn’t include fetching claims.
var backchannel = new HttpClient();
var byteArray = Encoding.ASCII.GetBytes(Configuration["twitter2:clientid"] + ":" + Configuration["twitter2:clientsecret"]);
backchannel.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(byteArray));
// https://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code
.AddOAuth("Twitter2-AccessToken", "Twitter2 AccessToken only", o =>
{
o.ClientId = Configuration["twitter2:clientid"];
o.ClientSecret = Configuration["twitter2:clientsecret"];
o.CallbackPath = new PathString("/signin-twitter2-token");
o.AuthorizationEndpoint = "https://twitter.com/i/oauth2/authorize";
o.TokenEndpoint = "https://api.twitter.com/2/oauth2/token";
o.SaveTokens = true;
o.UsePkce = true;
o.Scope.Add("users.read");
o.Backchannel = backchannel;
})
A more complete implementation would look like this: https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/blob/51f4c0065774d10ce18aec6c73c9a040d150e107/src/AspNet.Security.OAuth.Notion/NotionAuthenticationHandler.cs#L28
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:12 (10 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Yeah, this is the Twitter documentation showing differences between Twitter 2 API (using OAuth 2) and old API (using OAuth 1.0a): https://developer.twitter.com/en/docs/twitter-api/migrate/twitter-api-endpoint-map
The aspnet-contrib Twitter OAuth 2.0 provider is now available from NuGet.org: https://www.nuget.org/packages/AspNet.Security.OAuth.Twitter/6.0.3