Twitter Oauth 2.0 permission scope configuration #4251

undefnied · 2022-03-24T22:03:20Z

undefnied
Mar 24, 2022

Hi everyone,

looking at the code I've seen that the permission scope is hard coded:

      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: { scope: "users.read tweet.read offline.access" },
      },

It would be nice to have the possibility to configure them through the options parameter with something like:

      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: { scope: options.scope || "users.read tweet.read offline.access" },
      },

Do you think it could be an improvement?

Thanks.
U.

sebastiancrossa · 2022-03-26T18:38:39Z

sebastiancrossa
Mar 26, 2022

running into the same issue, i need more specific scopes outside of the default ones but can't change them.

doing this doesn't seem to work either:

providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CLIENT_ID,
      clientSecret: process.env.TWITTER_CLIENT_SECRET,
      version: '2.0',
      scope: 'users.read tweet.read bookmark.read',
    }),
  ],

0 replies

undefnied · 2022-03-30T08:12:53Z

undefnied
Mar 30, 2022
Author

I've found the solution. The right way to configure the scope is this:

  providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CONSUMER_KEY,
      clientSecret: process.env.TWITTER_CONSUMER_SECRET,
      version: "2.0",
      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: {
          scope: "users.read tweet.read offline.access like.read list.read",
        },
      },
    }),
  ],

it's documented here: https://next-auth.js.org/configuration/providers/oauth#how-to

2 replies

midoalone Feb 8, 2023

I've found the solution. The right way to configure the scope is this:

  providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CONSUMER_KEY,
      clientSecret: process.env.TWITTER_CONSUMER_SECRET,
      version: "2.0",
      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: {
          scope: "users.read tweet.read offline.access like.read list.read",
        },
      },
    }),
  ],

it's documented here: https://next-auth.js.org/configuration/providers/oauth#how-to

This works, thanks bro

asseph Dec 9, 2023

Is this only possible in next-auth version 4?

asseph · 2023-12-10T19:00:36Z

asseph
Dec 10, 2023

How to use access_token and refresh token to post tweet?

2 replies

ukrocks007 May 8, 2024

You can use twitter-api-sdk along with next-auth.

import Client, { auth } from 'twitter-api-sdk';

const options: NextAuthOptions = {
  providers: [
    TwitterProvider({
      clientId: env.twitter.clientId,
      clientSecret: env.twitter.clientSecret,
      version: '2.0',
      authorization:{
        params: {
          scope: "users.read tweet.read tweet.write offline.access follows.read follows.write"
        }
      }
    }),
  ],
  callbacks: {
    async signIn({ user, account, profile }): Promise<any> {
      // Check if the provider is Twitter
      if (account?.provider === "twitter") {
        const userId = user?.id as string; // User ID from Twitter
        const { access_token } = account;
        const client = new Client(new auth.OAuth2Bearer(access_token));

        const tweetRes = await client.tweets.createTweet({
          text: 'Tweet Content!',
        });
        return user;
      }

      // Return the user data for other providers
      return { ...user };
    },
  secret: process.env.SECRET,
};

wang4621 Jun 19, 2024

You can use twitter-api-sdk along with next-auth.

import Client, { auth } from 'twitter-api-sdk';

const options: NextAuthOptions = {
  providers: [
    TwitterProvider({
      clientId: env.twitter.clientId,
      clientSecret: env.twitter.clientSecret,
      version: '2.0',
      authorization:{
        params: {
          scope: "users.read tweet.read tweet.write offline.access follows.read follows.write"
        }
      }
    }),
  ],
  callbacks: {
    async signIn({ user, account, profile }): Promise<any> {
      // Check if the provider is Twitter
      if (account?.provider === "twitter") {
        const userId = user?.id as string; // User ID from Twitter
        const { access_token } = account;
        const client = new Client(new auth.OAuth2Bearer(access_token));

        const tweetRes = await client.tweets.createTweet({
          text: 'Tweet Content!',
        });
        return user;
      }

      // Return the user data for other providers
      return { ...user };
    },
  secret: process.env.SECRET,
};

is the OAuth2Bearer using User context?

i keep hitting "Too many requests" from twitter when i am not doing too much

Shirshakkandel · 2024-10-01T11:17:34Z

Shirshakkandel
Oct 1, 2024

I also face this problem and when I see twitter.js file inside node_modules of auth.js find out authorization URL is hard coded with this URL string https://x.com/i/oauth2/authorize?scope=users.read tweet.read offline.access To fix it follow following step follow by me.

For youtube video reference

change the Twitter.js file by the scope you want to add mine was https://x.com/i/oauth2/authorize?scope=tweet.read tweet.write users.read like.write like.read list.read list.write offline. access.
As you have change inside node_modules which is inside .gitignore file we need to patch the auth.js package.
install patch-package using npm i patch-package and run command npx patch-package @auth/core
delete node_modules and at package.json add postinstall command ⇒ "postinstall": "patch-package".
install node_modules and run it will work.

0 replies

cupid20103 · 2025-05-15T14:54:02Z

cupid20103
May 15, 2025

import NextAuth from "next-auth";
import Twitter from "next-auth/providers/twitter";
import { PrismaAdapter } from "@auth/prisma-adapter";

import prisma from "./prisma";

export const { handlers, auth, signIn, signOut } = NextAuth({
  adapter: PrismaAdapter(prisma),
  session: { strategy: "jwt" },
  pages: { signIn: "/", error: "/auth/error" },
  providers: [
    Twitter({
      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: {
          scope:
            "users.read tweet.read tweet.write bookmark.read bookmark.write like.read list.read follows.read offline.access",
        },
      },
    }),
  ],
  callbacks: {
    async jwt({ token, account, user }) {
      if (account && user) {
        token.accessToken = account.access_token;
        token.userID = account.providerAccountId;
        token.id = user.id;
      }

      return token;
    },
    async session({ session, token }) {
      session.accessToken = token.accessToken as string;
      session.userID = token.userID as string;
      session.user.id = token.id as string;

      return session;
    },
  },
});

0 replies

Uh oh!

Twitter Oauth 2.0 permission scope configuration #4251

Uh oh!

Uh oh!

Replies: 5 comments · 4 replies

Uh oh!

Uh oh!

undefnied Mar 30, 2022 Author

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Replies: 5 comments 4 replies

undefnied
Mar 30, 2022
Author