Twitter Oauth 2.0 permission scope configuration

[undefnied]

Hi everyone,

looking at the code I've seen that the permission scope is hard coded:

      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: { scope: "users.read tweet.read offline.access" },
      },

It would be nice to have the possibility to configure them through the options parameter with something like:

      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: { scope: options.scope || "users.read tweet.read offline.access" },
      },

Do you think it could be an improvement?

Thanks.
U.

[sebastiancrossa]

running into the same issue, i need more specific scopes outside of the default ones but can't change them.

doing this doesn't seem to work either:

providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CLIENT_ID,
      clientSecret: process.env.TWITTER_CLIENT_SECRET,
      version: '2.0',
      scope: 'users.read tweet.read bookmark.read',
    }),
  ],

[undefnied]

I've found the solution. The right way to configure the scope is this:

  providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CONSUMER_KEY,
      clientSecret: process.env.TWITTER_CONSUMER_SECRET,
      version: "2.0",
      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: {
          scope: "users.read tweet.read offline.access like.read list.read",
        },
      },
    }),
  ],

it's documented here: https://next-auth.js.org/configuration/providers/oauth#how-to

[midoalone]

I've found the solution. The right way to configure the scope is this:

  providers: [
    TwitterProvider({
      clientId: process.env.TWITTER_CONSUMER_KEY,
      clientSecret: process.env.TWITTER_CONSUMER_SECRET,
      version: "2.0",
      authorization: {
        url: "https://twitter.com/i/oauth2/authorize",
        params: {
          scope: "users.read tweet.read offline.access like.read list.read",
        },
      },
    }),
  ],

it's documented here: https://next-auth.js.org/configuration/providers/oauth#how-to

This works, thanks bro

[asseph]

Is this only possible in next-auth version 4?

[asseph]

How to use access_token and refresh token to post tweet?

[ukrocks007]

You can use twitter-api-sdk along with next-auth.

import Client, { auth } from 'twitter-api-sdk';

const options: NextAuthOptions = {
  providers: [
    TwitterProvider({
      clientId: env.twitter.clientId,
      clientSecret: env.twitter.clientSecret,
      version: '2.0',
      authorization:{
        params: {
          scope: "users.read tweet.read tweet.write offline.access follows.read follows.write"
        }
      }
    }),
  ],
  callbacks: {
    async signIn({ user, account, profile }): Promise<any> {
      // Check if the provider is Twitter
      if (account?.provider === "twitter") {
        const userId = user?.id as string; // User ID from Twitter
        const { access_token } = account;
        const client = new Client(new auth.OAuth2Bearer(access_token));

        const tweetRes = await client.tweets.createTweet({
          text: 'Tweet Content!',
        });
        return user;
      }

      // Return the user data for other providers
      return { ...user };
    },
  secret: process.env.SECRET,
};