We are using Ping Federate Twitter Cloud Identity connector. The happy path will work like below
User navigates to a Web application and chooses to log on using his or her Twitter account.
The browser is redirected to the Twitter Adapter.
The Twitter Adapter requests a request token from Twitter. The Twitter Adapter callback URL is passed as a parameter with this request. Twitter returns the request token.
The PingFederate server redirects the user to Twitter for authentication, including the request token as a parameter. A list of requested permissions is provided in this call.
If the user is not already logged on, Twitter challenges the user to authenticate. Twitter authenticates the user and provides a consent page for the user to authorize the sharing of information. Once the user authorizes, Twitter redirects the browser to the Twitter Adapter callback URL with a verification code.
If the user does not authenticate, an error is returned rather than the verification code.
The Adapter makes an HTTP request to Twitter to obtain an access token, sending the request token and verification code as parameters. Twitter validates these components and returns an access token.
The Adapter uses the access token to retrieve user information from Twitter, and Twitter returns the user information.
The Adapter redirects the user to the Web application with the user attributes.
you can find full details of how it works on http://documentation.pingidentity.com/display/TCIC111/Processing+Overview
