Bare Minimum Permissions to Login with Twitter

suresh · 2022-06-22T11:47:34.471Z

Hi,
I have a developer account and I want users to login to our website using Twitter.
I just need to associate the account with the Twitter User ID and I do not need any other permission.
As shown in the picture below, the login prompt indicates few permissions which I do not require.
Is there any way I can make it so that users are not prompted with these. I just want to associate the account with the twitter user ID. I am worried this prompt may not encourage users to proceed as they might not trust a new/unknown app.

I see there is already a discussion here: How to reduce the list of requested permission to bare minimum - #5 by sqsoftdev
But, wanted to check if there is any update on this.

Thanks in advance,

andypiper · 2022-06-23T14:08:18.846Z

The screenshot appears to show an Oauth 1.0A application with read-only permissions. Using our new OAuth 2 options, you can enable only the access that you want for your application.

suresh · 2022-06-24T04:18:44.719Z

In the GUI I have only OAuth2 enabled.

image613×509 34.1 KB

Please note that I am using “Login with Twitter” from firebase - in case it makes a difference.

andypiper · 2022-06-24T12:23:34.083Z

To be honest, I’m not certain how Firebase is set up to work with our new OAuth 2.0 implementation - you may want to see if they have any information there. The OAuth permissions screen is definitely showing that it is hitting the older implementation. I do not know whether Firebase works with Twitter OAuth 2.0 yet.

suresh · 2022-06-29T08:30:47.468Z

OK. Thanks for the reply.
Any pointer will be helpful to implement login with Twitter directy.

I found this document

developer.twitter.com

Log in with Twitter

along with POST oauth/request_token | Docs | Twitter Developer Platform

But, it says :

This is the first step in the OAuth 1.0a 3-legged OAuth flow

But I want to use Oauth 2.0

Finding it difficult to follow the documents as they have mixed information for multiple tasks and I lack expertise on the auth related terms.

andypiper · 2022-06-29T14:07:12.721Z

You’re right. At the moment the Sign in with Twitter flow is not separately documented as a login method for v2. You basically need to implement OAuth 2.0 with the required scopes (you mentioned “bare minimum permissions” but you did not specific what exact permissions you want, I guess users.read and tweet.read would be the absolute minimum for just knowing a user ID via users/me). This is part of the OAuth 2.0 Making requests on behalf of users documentation.

suresh · 2022-06-30T05:40:39.665Z

I want to only know the user’s Twitter USER-ID (big integer).

I found this document a bit more clearer on the flow.

https://docs.tweepy.org/en/latest/authentication.html#oauth-2-0-authorization-code-flow-with-pkce-user-context

But, it also states it is oauth1.

I found the instructions at OAuth 2.0 Making requests on behalf of users | Docs | Twitter Developer Platform. I think Tweepy is yet to support this. Maybe there are other libraries which could do - I will explore.

Thanks,
Suresh

IgorBrigadir · 2022-07-01T12:39:40.221Z

suresh:

I want to only know the user’s Twitter USER-ID (big integer).

You do not need to implement any of this login with twitter flow. Ask users to provide their username and look up their ID using GET /2/users/by | Docs | Twitter Developer Platform authenticating with your own credentials.

system · 2022-07-15T12:40:29.274Z

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.