Twitter Oauth 2.0 permission scope configuration

[undefnied]

Hi everyone,

looking at the code I've seen that the permission scope is hard coded:

      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: { scope: "users.read tweet.read offline.access" },
      },

It would be nice to have the possibility to configure them through the options parameter with something like:

      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: { scope: options.scope || "users.read tweet.read offline.access" },
      },

Do you think it could be an improvement?

Thanks.
U.

[sebastiancrossa]

running into the same issue, i need more specific scopes outside of the default ones but can't change them.

doing this doesn't seem to work either:

providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CLIENT_ID,
      clientSecret: process.env.TWITTER_CLIENT_SECRET,
      version: '2.0',
      scope: 'users.read tweet.read bookmark.read',
    }),
  ],

[undefnied]

I've found the solution. The right way to configure the scope is this:

  providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CONSUMER_KEY,
      clientSecret: process.env.TWITTER_CONSUMER_SECRET,
      version: "2.0",
      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: {
          scope: "users.read tweet.read offline.access like.read list.read",
        },
      },
    }),
  ],

it's documented here: https://next-auth.js.org/configuration/providers/oauth#how-to

[midoalone]

I've found the solution. The right way to configure the scope is this:

  providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CONSUMER_KEY,
      clientSecret: process.env.TWITTER_CONSUMER_SECRET,
      version: "2.0",
      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: {
          scope: "users.read tweet.read offline.access like.read list.read",
        },
      },
    }),
  ],

it's documented here: https://next-auth.js.org/configuration/providers/oauth#how-to

This works, thanks bro

[asseph]

Is this only possible in next-auth version 4?

[asseph]

How to use access_token and refresh token to post tweet?

[ukrocks007]

You can use twitter-api-sdk along with next-auth.

import Client, { auth } from 'twitter-api-sdk';

const options: NextAuthOptions = {
  providers: [
    TwitterProvider({
      clientId: env.twitter.clientId,
      clientSecret: env.twitter.clientSecret,
      version: '2.0',
      authorization:{
        params: {
          scope: "users.read tweet.read tweet.write offline.access follows.read follows.write"
        }
      }
    }),
  ],
  callbacks: {
    async signIn({ user, account, profile }): Promise<any> {
      // Check if the provider is Twitter
      if (account?.provider === "twitter") {
        const userId = user?.id as string; // User ID from Twitter
        const { access_token } = account;
        const client = new Client(new auth.OAuth2Bearer(access_token));

        const tweetRes = await client.tweets.createTweet({
          text: 'Tweet Content!',
        });
        return user;
      }

      // Return the user data for other providers
      return { ...user };
    },
  secret: process.env.SECRET,
};

[wang4621]

You can use twitter-api-sdk along with next-auth.

import Client, { auth } from 'twitter-api-sdk';

const options: NextAuthOptions = {
  providers: [
    TwitterProvider({
      clientId: env.twitter.clientId,
      clientSecret: env.twitter.clientSecret,
      version: '2.0',
      authorization:{
        params: {
          scope: "users.read tweet.read tweet.write offline.access follows.read follows.write"
        }
      }
    }),
  ],
  callbacks: {
    async signIn({ user, account, profile }): Promise<any> {
      // Check if the provider is Twitter
      if (account?.provider === "twitter") {
        const userId = user?.id as string; // User ID from Twitter
        const { access_token } = account;
        const client = new Client(new auth.OAuth2Bearer(access_token));

        const tweetRes = await client.tweets.createTweet({
          text: 'Tweet Content!',
        });
        return user;
      }

      // Return the user data for other providers
      return { ...user };
    },
  secret: process.env.SECRET,
};

is the OAuth2Bearer using User context?

i keep hitting "Too many requests" from twitter when i am not doing too much

[Shirshakkandel]

I also face this problem and when I see twitter.js file inside node_modules of auth.js find out authorization URL is hard coded with this URL string https://x.com/i/oauth2/authorize?scope=users.read tweet.read offline.access To fix it follow following step follow by me.

For youtube video reference

1. change the Twitter.js file by the scope you want to add mine was https://x.com/i/oauth2/authorize?scope=tweet.read tweet.write users.read like.write like.read list.read list.write offline. access.

2. As you have change inside node_modules which is inside .gitignore file we need to patch the auth.js package.

3. install patch-package using npm i patch-package and run command npx patch-package @auth/core

4. delete node_modules and at package.json add postinstall command ⇒ "postinstall": "patch-package".

5. install node_modules and run it will work.