Twitter

Use Log in with Twitter on your Auth0 workflow, also known as Sign in with Twitter, to place a button on your site or application which allows Twitter users to enjoy the benefits of a registered user account in as little as one click. This works on websites, iOS, mobile, and desktop applications.

The Twitter social connection allows users to log in to your application using their Twitter profile.

By default, Auth0 automatically syncs user profile data with each user login, thereby ensuring that changes made in the connection source are automatically updated in Auth0. Optionally, you can disable user profile data synchronization to allow for updating profile attributes from your application.

Prerequisites

Before you begin, apply for a Twitter Developer account.

Set up app in Twitter

Create a project and add a new app in the Twitter Developer portal. During this process, Twitter will generate an API Key and API Secret Key for your application; make note of these.

While setting up your app, use the following values:

Field	Value to Provide
Enable 3-legged OAuth	Toggle the switch to enable.
Callback URLs	https://YOUR_DOMAIN/login/callback
Website URL	https://YOUR_DOMAIN
App permissions	Select the option that fits your requirements. By default, your application will be granted Read Only permission.

Find your Auth0 domain name

If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is your tenant name, your regional subdomain (unless your tenant is in the US region and was created before June 2020), plus.auth0.com. For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be exampleco-enterprises.us.auth0.com and your callback URL would be https://exampleco-enterprises.us.auth0.com/login/callback. (If your tenant is in the US and was created before June 2020, then your domain name would be https://exampleco-enterprises.auth0.com.)

If you are using custom domains, your redirect URI will have the following format: https://<YOUR CUSTOM DOMAIN>/login/callback.

Test connection

You're ready to test your connection.

Access Twitter API

Once a user successfully authenticates, Twitter will include an Access Token in the user profile it returns to Auth0. You can use this token to call Twitter's API.

To get the Twitter Access Token, you must retrieve the full user's profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, see Call an Identity Provider's API.

Using the token, you can call Twitter's API following Twitter's documentation.

Optional: Get a Refresh Token from Twitter to refresh your Access Token once it expires. To ensure your application is secure, pay close attention to the restrictions on using Refresh Tokens.

Twitter allows you to use application-specific Access Tokens for many API calls without requiring user Access Tokens. When you create your app, a token is generated automatically and shown with the API Key and API Secret Key Twitter Developer App Management. Using application-specific Access Tokens will limit your app to requests that do not require user context. To learn more, see Twitter Developer Documentation: Application-Only Authentication.

Troubleshooting

If you are seeing errors, refer to the following troubleshooting steps.

User's email address is missing from retrieved user profile

Twitter connections do not retrieve the user's email address by default. However, you can add a rule to request the email address using the Access Token returned from Twitter providing you supply a privacy policy and terms & conditions.

Auth0 provides a rule template to get email addresses from Twitter. To use it, create a new rule with the Get Email Address from Twitter template under the Enrich Profile section.

If you are using Auth0 developer keys, this functionality will not work; you will need to use your Twitter API Key and API Secret Key.

You must also explicitly request permission to retrieve user email addresses for your Twitter app:

1. Log in to Twitter Developer Project and App Management.
2. Choose your project, and then your app settings.
3. Click Edit next to Authentication settings, then toggle the switch to enable Request email address from users.
4. Enter the appropriate links in the Terms of service and Privacy policy fields, then click Save.