DEV Community: unasuke (Yusuke Nakamura) The latest articles on DEV Community by unasuke (Yusuke Nakamura) (@unasuke). https://dev.to/unasuke https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F41484%2Faea40632-ed8c-4faf-841d-4ea8ec07be74.png DEV Community: unasuke (Yusuke Nakamura) https://dev.to/unasuke en omniauth-twitter2 gem - How to authenticate twitter account by OAuth 2.0 on your Rails app? unasuke (Yusuke Nakamura) Wed, 30 Mar 2022 14:27:26 +0000 https://dev.to/unasuke/omniauth-twitter2-gem-how-to-authenticate-twitter-account-by-oauth-20-on-your-rails-app-5fm7 https://dev.to/unasuke/omniauth-twitter2-gem-how-to-authenticate-twitter-account-by-oauth-20-on-your-rails-app-5fm7 <h2> tl;dr </h2> <p>I made this gem.</p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fassets.dev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/unasuke" rel="noopener noreferrer"> unasuke </a> / <a href="https://github.com/unasuke/omniauth-twitter2" rel="noopener noreferrer"> omniauth-twitter2 </a> </h2> <h3> OmniAuth strategy for authenticating with Twitter OAuth2 </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">OmniAuth::Twitter2</h1> </div> <p><a href="https://github.com/unasuke/omniauth-twitter2/actions/workflows/main.yml" rel="noopener noreferrer"><img src="https://github.com/unasuke/omniauth-twitter2/actions/workflows/main.yml/badge.svg" alt="test"></a> <a href="https://github.com/unasuke/omniauth-twitter2/blob/main/LICENSE.txt" rel="noopener noreferrer"><img src="https://camo.githubusercontent.com/ac3714419dde66cb49a627f11c02dad498aeb729f1d31c92c695c71ce1625437/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f756e6173756b652f6f6d6e69617574682d7477697474657232" alt="GitHub license"></a> <a href="https://rubygems.org/gems/omniauth-twitter2" rel="nofollow noopener noreferrer"><img src="https://camo.githubusercontent.com/5a851202f437bf5d970be5c440a84198ad7b52fd1060a0caed66c1a8558af62e/68747470733a2f2f62616467652e667572792e696f2f72622f6f6d6e69617574682d74776974746572322e737667" alt="Gem Version"></a></p> <p>This gem provides a OmniAuth strategy for authenticating with Twitter OAuth2.</p> <div class="markdown-heading"> <h2 class="heading-element">Installation</h2> </div> <p>Add this line to your application's Gemfile:</p> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto js-code-highlight"> <pre><span class="pl-en">gem</span> <span class="pl-s">'omniauth-twitter2'</span></pre> </div> <p>And then execute:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto"><pre class="notranslate"><code>$ bundle install </code></pre></div> <p>Or install it yourself as:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto"><pre class="notranslate"><code>$ gem install omniauth-twitter2 </code></pre></div> <div class="markdown-heading"> <h2 class="heading-element">Usage</h2> </div> <div class="markdown-heading"> <h3 class="heading-element">Rails</h3> </div> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto js-code-highlight"> <pre><span class="pl-c"># config/initializers/omniauth.rb</span> <span class="pl-v">Rails</span><span class="pl-kos">.</span><span class="pl-en">application</span><span class="pl-kos">.</span><span class="pl-en">config</span><span class="pl-kos">.</span><span class="pl-en">middleware</span><span class="pl-kos">.</span><span class="pl-en">use</span> <span class="pl-v">OmniAuth</span>::<span class="pl-v">Builder</span> <span class="pl-k">do</span> <span class="pl-en">provider</span> <span class="pl-pds">:twitter2</span><span class="pl-kos">,</span> <span class="pl-c1">ENV</span><span class="pl-kos">[</span><span class="pl-s">"TWITTER_CLIENT_ID"</span><span class="pl-kos">]</span><span class="pl-kos">,</span> <span class="pl-c1">ENV</span><span class="pl-kos">[</span><span class="pl-s">"TWITTER_CLIENT_SECRET"</span><span class="pl-kos">]</span><span class="pl-kos">,</span> <span class="pl-pds">callback_path</span>: <span class="pl-s">'/auth/twitter2/callback'</span><span class="pl-kos">,</span> <span class="pl-pds">scope</span>: <span class="pl-s">"tweet.read users.read"</span> <span class="pl-k">end</span></pre> </div> <div class="markdown-heading"> <h3 class="heading-element">Auth Hash</h3> </div> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto js-code-highlight"> <pre> <span class="pl-kos">{</span> <span class="pl-s">"provider"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"twitter2"</span><span class="pl-kos">,</span> <span class="pl-s">"uid"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"108252390"</span><span class="pl-kos">,</span> <span class="pl-s">"info"</span> <span class="pl-c1">=&gt;</span> <span class="pl-kos">{</span> <span class="pl-s">"name"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"うなすけ"</span><span class="pl-kos">,</span> <span class="pl-s">"email"</span> <span class="pl-c1">=&gt;</span> <span class="pl-c1">nil</span><span class="pl-kos">,</span> <span class="pl-s">"nickname"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"yu_suke1994"</span><span class="pl-kos">,</span> <span class="pl-s">"description"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"帰って寝たい"</span><span class="pl-kos">,</span> <span class="pl-s">"image"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"https://pbs.twimg.com/profile_images/580019517608218624/KzEZSzUy_normal.jpg"</span><span class="pl-kos">,</span> <span class="pl-s">"urls"</span> <span class="pl-c1">=&gt;</span> <span class="pl-kos">{</span> <span class="pl-s">"Website"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"https://t.co/NCFLB8wDkx"</span><span class="pl-kos">,</span> <span class="pl-s">"Twitter"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"https://x.com/yu_suke1994"</span> <span class="pl-kos">}</span> <span class="pl-kos">}</span><span class="pl-kos">,</span> <span class="pl-s">"credentials"</span> <span class="pl-c1">=&gt;</span> <span class="pl-kos">{</span> <span class="pl-s">"token"</span> <span class="pl-c1">=&gt;</span> <span class="pl-s">"TOKENTOKENTOKENTOKENTOKENTOKEN"</span><span class="pl-kos">,</span> <span class="pl-s">"expires_at"</span> <span class="pl-c1">=&gt;</span> <span class="pl-c1">1642016242</span><span class="pl-kos">,</span> <span class="pl-s">"expires"</span> <span class="pl-c1">=&gt;</span> <span class="pl-c1">true</span> <span class="pl-kos">}</span><span class="pl-kos">,</span> <span class="pl-s">"extra"</span> <span class="pl-c1">=&gt;</span> <span class="pl-kos">{</span> <span class="pl-s">"raw_info"</span> <span class="pl-c1">=&gt;</span> <span class="pl-kos">{</span> <span class="pl-s">"data"</span> <span class="pl-c1">=&gt;</span> <span class="pl-kos">{</span> <span class="pl-s">"profile_image_url"</span> <span class="pl-c1">=&gt;</span></pre>… </div> </div> </div> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/unasuke/omniauth-twitter2" rel="noopener noreferrer">View on GitHub</a></div> </div> <p>This gem is one of the OmniAuth strategies for Twitter, using OAuth 2.0 for the authentication protocol.</p> <h2> We have omniauth-twitter gem. Why this gem? </h2> <p>Yes, the omniauth-twitter gem is a well-maintained, widely-used gem.</p> <p><a href="https://github.com/arunagw/omniauth-twitter" rel="noopener noreferrer">https://github.com/arunagw/omniauth-twitter</a></p> <p>But, omniauth-twitter uses OAuth 1.0a.</p> <h2> Twitter OAuth 2.0 GA from 2021-12-15 </h2> <p>When 2021-12-15, Twitter announced OAuth 2.0 General Availability.</p> <p><iframe class="tweet-embed" id="tweet-1470834775019515907-69" src="https://platform.twitter.com/embed/Tweet.html?id=1470834775019515907"> </iframe> // Detect dark theme var iframe = document.getElementById('tweet-1470834775019515907-69'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=1470834775019515907&amp;theme=dark" } </p> <p>And we can use "new fine-grained permission scopes" at the release.</p> <p>We could choose those three kinds of scopes in the older permission scope. That's too rough.</p> <ul> <li>Read</li> <li>Read and Write</li> <li>Read and write and Direct message</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frgifpkpvuoz520pjzfdb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frgifpkpvuoz520pjzfdb.png" alt="OAuth 1.0a permission scopes" width="616" height="409"></a></p> <p>But now, We can choose <strong>enough permissions</strong> from the list on OAuth 2.0 (through Twitter API V2)</p> <p><a href="https://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code" rel="noopener noreferrer">https://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code</a></p> <p><code>tweet.read</code>, <code>tweet.write</code>, <code>tweet.moderate.write</code>, <code>users.read</code>, <code>follows.read</code>, <code>follows.write</code>, <code>offline.access</code>, <code>space.read</code>, <code>mute.read</code>, <code>mute.write</code>, <code>like.read</code>, <code>like.write</code>, <code>list.read</code>, <code>list.write</code>, <code>block.read</code>, <code>block.write</code></p> <h2> OK, how to use twitter with OAuth 2.0 with my rails app? </h2> <p>I created a gem, "omniauth-twitter2". </p> <p><a href="https://github.com/unasuke/omniauth-twitter2" rel="noopener noreferrer">https://github.com/unasuke/omniauth-twitter2</a></p> <p>This is one of the omniauth strategies, so it's easy to integrate your rails app if you use omniauth (or devise?)</p> <p>("2" means OAuth 2.0, not means successor of "omniauth-twitter" gem. because the gem still working everywhare!)</p> <p>And I have created a sample application that uses omniauth and omniauth-twitter2.</p> <ul> <li>URL: <a href="https://twitter-login-app.onrender.com/" rel="noopener noreferrer">https://twitter-login-app.onrender.com/</a> </li> <li>Source code: <a href="https://github.com/unasuke/twitter-login-app" rel="noopener noreferrer">https://github.com/unasuke/twitter-login-app</a> </li> </ul> <p>This app only signs in with twitter, but it's enough to show how to implement "sign in with Twitter".</p> <h2> Attention </h2> <p>If you want to use OAuth 2.0 API in your twitter app, you should move your app to under "Project". You can't use OAuth 2.0 in your app if the app is still a "Standalone app".</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fro4p0uaev4dm3l83o265.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fro4p0uaev4dm3l83o265.png" alt="twitter developer portal" width="800" height="704"></a> </p> <p>...And I'm not a specialist in the authentication. Please give me a pull request or issue if you found a bug.</p> <p>I'm glad if you star the GitHub repository or share the post, if you want!</p> <p>📝 Original post: <a href="https://blog.unasuke.com/2022/how-to-authenticate-twitter-account-by-oauth-2/" rel="noopener noreferrer">https://blog.unasuke.com/2022/how-to-authenticate-twitter-account-by-oauth-2/</a></p> rails ruby omniauth twitter