Connect Your App to Twitter

To connect your Auth0 application to Twitter, you will need to generate a Consumer Key and Consumer Secret in a Twitter application, copy these into your Auth0 settings, and enable the connection.

If you're using a custom domain, you'll need to add that domain to the callback URLs list of your Twitter application. For more information on this change, see this Twitter developer forum post.

1. Create a Twitter application

  1. Log in to Twitter Application Management.

  2. Click Create New App.

  3. Provide the required information. For the Callback URL, enter https://YOUR_AUTH0_DOMAIN/login/callback. If you're using a custom domain, add that domain as another callback URL.


  4. Agree to the Developer Agreement and click Create your Twitter Application.

  5. Once the app is created, go to the Settings tab and verify that the Allow this application to be used to Sign in with Twitter option is selected.


2. Get your Consumer Key and Consumer Secret

  1. Your Consumer Key and Consumer Secret will be displayed in the Keys and Access Tokens tab of your app on Twitter.

  2. Leave this window open.

3. Copy your Consumer Key and Consumer Secret into Auth0

  1. In a separate window, log in to the Auth0 Dashboard and select Connections > Social in the left navigation.

  2. Select the connection with the Twitter logo to access this connection's Settings page.

  3. Copy the Consumer Key and Consumer Secret from your app's Keys and Access Tokens tab on Twitter into the fields on this page on Auth0.


  4. Click Save.

Twitter Profile Attribute Permissions

Unlike many social identity providers, Twitter manages profile attribute permissions at the application level. By default, your application will be granted Read and Write permissions. You can customize these in the Permissions section of the Twitter Application Management page. For more information, see Application Permission Model.

4. Enable the connection

  1. Go to the Applications tab of the Twitter connection on Auth0 and select each of your existing Auth0 applications for which you want to enable this connection.

  2. Click Save.

5. Test your connection

  1. Go back to the Connections > Social section of the Auth0 dashboard. If you have configured your app correctly, you will see a Try icon next to the Twitter logo.

  2. Click the Twitter logo to return to the Settings page of this connection and click Try.

  3. You will be asked to sign in to Twitter to authorize your new app to access your Twitter account.

  4. If you have configured everything correctly, you will see the It works!!! page.

6. Access Twitter API

Once you successfully authenticate a user, Twitter includes an Access Token in the user profile it returns to Auth0.

You can then use this token to call the Twitter API.

To get a Twitter Access Token, you have to retrieve the user's full profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, refer to Call an Identity Provider API.

Once you have the token you can call the API, following Twitter's documentation.

For more information on these tokens, refer to Identity Provider Access Tokens.
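
The extraction step described above, as an added example that is not part of the original Auth0 documentation. It assumes the Management API user object exposes an identities array whose Twitter entry carries access_token and access_token_secret, and that the Management API token has the read:user_idp_tokens scope; the sample profile and its token values are constructed.

```javascript
// Added example. Field names follow the Auth0 Management API user object;
// the sample profile and its token values are constructed.

// Server-side only: mgmtToken is a Management API token that must carry the
// read:user_idp_tokens scope, otherwise the IdP tokens are left out.
async function fetchUserProfile(domain, userId, mgmtToken) {
  const url = `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`;
  const res = await fetch(url, { headers: { Authorization: `Bearer ${mgmtToken}` } });
  if (!res.ok) throw new Error(`Management API returned HTTP ${res.status}`);
  return res.json();
}

// A user may have several linked identities; select the Twitter one.
function extractTwitterTokens(profile) {
  const identities = Array.isArray(profile && profile.identities) ? profile.identities : [];
  const twitter = identities.find((id) => id.provider === 'twitter');
  if (!twitter) throw new Error('No Twitter identity on this user');
  if (!twitter.access_token || !twitter.access_token_secret) {
    throw new Error('Twitter tokens missing; check read:user_idp_tokens scope');
  }
  return {
    twitterUserId: String(twitter.user_id),
    accessToken: twitter.access_token,
    accessTokenSecret: twitter.access_token_secret,
  };
}

// Return a copy that is safe to log: IdP credentials are masked.
function redactProfile(profile) {
  const secret = new Set(['access_token', 'access_token_secret', 'refresh_token']);
  const mask = (identity) => Object.fromEntries(
    Object.entries(identity).map(([k, v]) => [k, secret.has(k) ? '[REDACTED]' : v]));
  return { ...profile, identities: (profile.identities || []).map(mask) };
}

// Constructed sample of a Management API response (values are fake).
const sampleProfile = {
  user_id: 'auth0|abc123',
  name: 'Example User',
  identities: [
    { provider: 'auth0', user_id: 'abc123', connection: 'Username-Password-Authentication', isSocial: false },
    { provider: 'twitter', user_id: '1000001', connection: 'twitter', isSocial: true,
      access_token: 'EXAMPLE-ACCESS-TOKEN', access_token_secret: 'EXAMPLE-TOKEN-SECRET' },
  ],
};

const tokens = extractTwitterTokens(sampleProfile);
console.log(tokens.twitterUserId, JSON.stringify(redactProfile(sampleProfile)));
```

Keep the extracted tokens on your backend and log only the redacted copy, since the token and token secret together act on the user's behalf.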

Application-Specific Access Tokens

Unlike many social identity providers, Twitter allows you to use application-specific Access Tokens for many API calls without requiring user Access Tokens. You can generate these tokens in Twitter Application Management. Using application-specific Access Tokens will limit your app to requests that do not require user context. For more information, see Twitter Developer Documentation: Application-Only Authentication.

Troubleshooting

If you are seeing errors, refer to the following troubleshooting steps.

User's email address is missing from retrieved user profile

If you are using Auth0 developer keys, this functionality will not work; you will need to use your own Twitter Consumer Key and Consumer Secret.

Otherwise, you must explicitly request permission to retrieve user email addresses for your Twitter app:

  1. Log in to Twitter Application Management.
  2. Choose your app.
  3. Go to the Settings tab, and enter the appropriate links in the Terms of Service URL and Privacy Policy URL fields.
  4. Click Update Settings.
  5. Go to the Permissions tab, and select the Request email addresses from users option.
  6. Click Update Settings.

Users are presented with the Twitter authorization screen each time they log in

You must configure your Twitter app to let users sign in with Twitter:

  1. Log in to Twitter Application Management.
  2. Choose your app.
  3. Go to the Settings tab, and select the Allow this application to be used to Sign in with Twitter option.
  4. Click Update Settings.

Login fails with message “Error retrieving email from Twitter”

You are using the Login by Auth0 WordPress plugin and have enabled the Requires Verified Email setting, but have not explicitly requested permission to retrieve user email addresses for your Twitter app. You will need to either configure your Twitter app to request email addresses from users or disable the Requires Verified Email setting in the Login by Auth0 WordPress plugin.

To configure your Twitter app to request email addresses from users:

  1. Log in to Twitter Application Management.
  2. Choose your app.
  3. Go to the Settings tab, and enter the appropriate links in the Terms of Service URL and Privacy Policy URL fields.
  4. Click Update Settings.
  5. Go to the Permissions tab, and select the Request email addresses from users option.
  6. Click Update Settings.

To disable the Requires Verified Email setting in the Login by Auth0 WordPress plugin:

  1. Log in to your WordPress site's admin area (example: http://www.yoursite.com/wp-admin/).
  2. Choose your site, and go to Auth0 > Settings.
  3. Go to the Advanced tab, and deselect the Requires Verified Email option.
  4. Click Save Changes.