Is OAuth 2.0 with PKCE flow supported? #1041

Closed
antsstyle opened this issue Feb 22, 2022 · 6 comments

@antsstyle

Hi everyone,

Just wondering in case I've missed it - is Twitter's OAuth 2.0 with PKCE flow supported in TwitterOAuth? I can't find mention of it anywhere in the docs, and the methods I can find only seem to support OAuth 1.0a.

Still figuring out exactly how the PKCE flow works with Twitter, sorry if I missed something obvious somewhere!

@abraham
Owner

abraham commented Feb 28, 2022

I believe this will require some work but I haven't had time to look into it yet.

@antsstyle
Author

Alright. I'm looking into it during the month - if I figure it out, if I have time I'll make a pull request, or if not I'll post my findings here.

@antsstyle
Author

antsstyle commented Mar 8, 2022

Writing an update here, have managed to get OAuth2 with PKCE working and making requests successfully. The main pitfalls were getting the authorize URL correct and putting correct scopes on the access tokens.

The example pseudocode here is for a Confidential Client app that can keep its client secret secure. I'll try and write a proper explanation and some better code if I get time. Sorry for the not-so-great code quality xD
twitteroauth2pkce.zip

@ghnp5

ghnp5 commented Nov 19, 2022

Hi @abraham. Is this supported now by any chance? Doesn't seem like it, but I'd like to confirm with you 😊
Thank you!

@anibalsanchez

OAuth2 with PKCE for Twitter APIv2 is supported by The PHP League with https://github.com/smolblog/oauth2-twitter

You can use smolblog/oauth2-twitter to generate the Bearer Token and then use it in abraham/twitteroauth.

```php
// Create the Auth provider
$twitterProvider = new Smolblog\OAuth2\Client\Provider\Twitter([
    'clientId'     => $this->clientId,
    'clientSecret' => $this->clientSecret,
    'redirectUri'  => ....,
]);
// ....
$authUrl = $twitterProvider->getAuthorizationUrl(['scope' => self::SCOPE_PERMISSIONS]);
// Redirect to grant the permissions
// ...
// Exchange the returned code for the token (same provider instance as above)
$bearerToken = $twitterProvider->getAccessToken('authorization_code', [
    'code' => $code,
    'code_verifier' => $oauth2verifier,
]);

// ....
// Use the bearer token
$twitterOAuth = new Abraham\TwitterOAuth\TwitterOAuth(
    $this->consumerKey,
    $this->consumerSecret,
    null,
    $bearerToken->getToken()
);
```
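
What the `code_verifier` in the token exchange above is, and how the authorization server checks it, as an added example (not part of the original comment, and not code from smolblog/oauth2-twitter or TwitterOAuth). It follows RFC 7636 with the S256 method; the helper function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: PKCE (RFC 7636, S256). Function names are hypothetical helpers,
// not part of smolblog/oauth2-twitter or abraham/twitteroauth.

/** base64url without "=" padding, the encoding RFC 7636 uses. */
function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** Client: fresh code_verifier per authorization request (32 bytes -> 43 chars). */
function pkceVerifier(): string
{
    return base64url(random_bytes(32));
}

/** Client: code_challenge sent in the authorize URL with code_challenge_method=S256. */
function pkceChallenge(string $verifier): string
{
    if (!preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier)) {
        throw new InvalidArgumentException('code_verifier must be 43-128 unreserved chars');
    }
    return base64url(hash('sha256', $verifier, true));
}

/** Server side of the token request: recompute and compare in constant time. */
function verifierMatches(string $storedChallenge, string $presentedVerifier): bool
{
    try {
        return hash_equals($storedChallenge, pkceChallenge($presentedVerifier));
    } catch (InvalidArgumentException $e) {
        return false; // a malformed verifier is rejected like a wrong one
    }
}

// RFC 7636 Appendix B test vector: verifier and its expected S256 challenge.
$known = pkceChallenge('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk');
var_dump($known === 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM');

// One round trip: the verifier stays in the server-side session, only the
// challenge travels in the authorize URL.
$verifier  = pkceVerifier();
$challenge = pkceChallenge($verifier);
var_dump(verifierMatches($challenge, $verifier));      // verifier from the session
var_dump(verifierMatches($challenge, pkceVerifier())); // any other verifier
```

The verifier has to survive the redirect in server-side state (for example the session) and be discarded after one token request; the authorization code alone cannot be redeemed without it.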

@abraham
Owner

abraham commented Jul 24, 2023

TwitterOAuth is in maintenance mode and major improvements are no longer planned. #1188

@abraham abraham closed this as completed Jul 24, 2023