FusionAuth developer image
FusionAuth developer logo
  • Back to site
  • Expert Advice
  • Blog
  • Developers
  • Downloads
  • Account
  • Contact sales
Navigate to...
  • Welcome
  • Getting Started
  • 5-Minute Setup Guide
  • Release Notes
  • Core Concepts
    • Overview
    • Users
    • Roles
    • Groups
    • Entity Management
    • Registrations
    • Applications
    • Tenants
    • Identity Providers
    • Key Master
    • SCIM
    • Search
    • Authentication and Authorization
    • Integration Points
    • Localization and Internationalization
    • Editions and Features
    • Roadmap
  • Installation Guide
    • Overview
    • System Requirements
    • Server Layout
    • Cloud
    • Cluster
    • Docker
    • Fast Path
    • Kubernetes
      • Overview
      • Deployment Guide
      • Minikube Setup
      • Amazon EKS Setup
      • Google GKE Setup
      • Microsoft AKS Setup
    • Kickstart™
    • Homebrew
    • Packages
    • Database
    • FusionAuth App
    • FusionAuth Search
    • Common Configuration
  • Admin Guide
    • Overview
    • Account Portal
    • Config Management
    • Licensing
    • Monitoring
    • Proxy Setup
    • Securing
    • Technical Support
    • Troubleshooting
    • Upgrading
  • Migration Guide
    • Overview
    • General
    • Auth0
    • Keycloak
    • Amazon Cognito
    • Firebase
    • Tutorial
  • APIs
    • Overview
    • Authentication
    • Errors
    • Actioning Users
    • API Keys
    • Applications
    • Audit Logs
    • Connectors
      • Overview
      • Generic
      • LDAP
    • Consents
    • Emails
    • Entity Management
      • Overview
      • Entities
      • Entity Types
      • Grants
    • Event Logs
    • Families
    • Forms
    • Form Fields
    • Groups
    • Identity Providers
      • Overview
      • Links
      • Apple
      • External JWT
      • Epic Games
      • Facebook
      • Google
      • HYPR
      • LinkedIn
      • Nintendo
      • OpenID Connect
      • SAML v2
      • SAML v2 IdP Initiated
      • Sony PlayStation Network
      • Steam
      • Twitch
      • Twitter
      • Xbox
    • Integrations
    • IP Access Control Lists
    • JWT
    • Keys
    • Lambdas
    • Login
    • Message Templates
    • Messengers
      • Overview
      • Generic
      • Kafka
      • Twilio
    • Multi-Factor/Two Factor
    • Passwordless
    • Reactor
    • Registrations
    • Reports
    • SCIM
      • Overview
      • SCIM EnterpriseUser
      • SCIM Group
      • SCIM Service Provider Config.
      • SCIM User
    • System
    • Tenants
    • Themes
    • Users
    • User Actions
    • User Action Reasons
    • User Comments
    • Webhooks
  • Client Libraries
    • Overview
    • Dart
    • Go
    • Java
    • JavaScript
    • .NET Core
    • Node
    • OpenAPI
    • PHP
    • Python
    • Ruby
    • Typescript
  • Themes
    • Overview
    • Examples
    • Helpers
    • Localization
    • Template Variables
  • Email & Templates
    • Overview
    • Configure Email
    • Email Templates
    • Email Variables
    • Message Templates
  • Events & Webhooks
    • Overview
    • Writing a Webhook
    • Securing Webhooks
    • Events
      • Overview
      • Audit Log Create
      • Event Log Create
      • JWT Public Key Update
      • JWT Refresh
      • JWT Refresh Token Revoke
      • Kickstart Success
      • User Action
      • User Bulk Create
      • User Create
      • User Create Complete
      • User Deactivate
      • User Delete
      • User Delete Complete
      • User Email Update
      • User Email Verified
      • User IdP Link
      • User IdP Unlink
      • User Login Failed
      • User Login Id Duplicate Create
      • User Login Id Duplicate Update
      • User Login New Device
      • User Login Success
      • User Login Suspicious
      • User Password Breach
      • User Password Reset Send
      • User Password Reset Start
      • User Password Reset Success
      • User Password Update
      • User Reactivate
      • User Registration Create
      • User Registration Create Complete
      • User Registration Delete
      • User Registration Delete Complete
      • User Registration Update
      • User Registration Update Complete
      • User Registration Verified
      • User Two Factor Method Add
      • User Two Factor Method Remove
      • User Update
      • User Update Complete
  • Example Apps
    • Overview
    • Dart
    • Go
    • Java
    • JavaScript
    • .NET Core
    • PHP
    • Python
    • Ruby
  • Lambdas
    • Overview
    • Apple Reconcile
    • Client Cred. JWT Populate
    • Epic Games Reconcile
    • External JWT Reconcile
    • Facebook Reconcile
    • Google Reconcile
    • HYPR Reconcile
    • JWT Populate
    • LDAP Connector Reconcile
    • LinkedIn Reconcile
    • Nintendo Reconcile
    • OpenID Connect Reconcile
    • SAML v2 Populate
    • SAML v2 Reconcile
    • SCIM Group Req. Converter
    • SCIM Group Resp. Converter
    • SCIM User Req. Converter
    • SCIM User Resp. Converter
    • Sony PSN Reconcile
    • Steam Reconcile
    • Twitch Reconcile
    • Twitter Reconcile
    • Xbox Reconcile
  • Identity Providers
    • Overview
    • Apple
    • Epic Games
    • External JWT
      • Overview
      • Example
    • Facebook
    • Google
    • HYPR
    • LinkedIn
    • Nintendo
    • OpenID Connect
      • Overview
      • Azure AD
      • Discord
      • Github
    • Sony PlayStation Network
    • Steam
    • Twitch
    • Twitter
    • SAML v2
      • Overview
      • ADFS
    • SAML v2 IdP Initiated
      • Overview
      • Okta
    • Xbox
  • Messengers
    • Overview
    • Generic Messenger
    • Kafka Messenger
    • Twilio Messenger
  • Connectors
    • Overview
    • Generic Connector
    • LDAP Connector
    • FusionAuth Connector
  • Self Service Account Mgmt
    • Overview
    • Updating User Data & Password
    • Add Two-Factor Authenticator
    • Add Two-Factor Email
    • Add Two-Factor SMS
    • Customizing
    • Troubleshooting
  • Advanced Threat Detection
    • Overview
  • Integrations
    • Overview
    • CleanSpeak
    • Kafka
    • Twilio
  • OpenID Connect & OAuth 2.0
    • Overview
    • Endpoints
    • Tokens
  • SAML v2 IdP
    • Overview
    • Google
    • Zendesk
  • Plugins
    • Plugins
    • Writing a Plugin
    • Custom Password Hashing
  • Guides
    • Overview
    • Advanced Registration Forms
    • Breached Password Detection
    • Multi-Factor Authentication
    • Multi-Tenant
    • Passwordless
    • Securing Your APIs
    • Silent Mode
    • Single Sign-on
  • Tutorials
    • Overview
    • User Control & Gating
      • Gate Unverified Users
      • Gate Unverified Registrations
      • User Account Lockout
    • Setup Wizard & First Login
    • Register/Login a User
    • Start and Stop FusionAuth
    • Authentication Tokens
    • Key Rotation
    • JSON Web Tokens
    • Prometheus Setup
    • Switch Search Engines
    • Two Factor (pre 1.26)
  • Reference
    • CORS
    • Configuration
    • Data Types
    • Known Limitations
    • Password Hashes

    Twitter Identity Provider

    Overview

    Adding a Login with Twitter button to FusionAuth is simple, and this guide will walk you through the steps necessary to collect the credentials from Twitter in order to enable this Social login.

    • Create a Twitter Account

    • Create a Twitter App

    • Create a Twitter Identity Provider

    • Building Your Own Integration


    Once you have completed this configuration you will be able to enable the Twitter login button for one or more FusionAuth Applications. Below is an example login page with the Twitter Identity Provider enabled.

    Twitter Login

    Create a Twitter Account

    Ensure you have a Twitter account, and then navigate to the Twitter Developer dashboard.

    https://developer.twitter.com

    If you do not yet have a developer account, you will need to apply for access to the Twitter API.

    https://developer.twitter.com/en/apply-for-access.html

    Once you have logged into Twitter and have obtained access to a Twitter developer account, continue to the next step.

    Create a Twitter App

    If you do not yet have a Twitter app you will need to create an app in this step. If you already have a Twitter app that you plan to use for FusionAuth please review this section anyway to ensure your configuration is correct to support the Twitter login.

    https://developer.twitter.com/en/portal/projects-and-apps

    Twitter Create App

    In the following sections you will find an example of the Create an App process. Review the following sections to ensure your configuration is correct.

    Record the Keys and Token

    The API key and API secret key are typically presented at the onset of app creation. Record these values. They will be needed for later integration with the FusionAuth IdP.

    Authentication Settings

    You will need to modify a few setting here to enable Twitter to connect with FusionAuth.

    Create Twitter App

    Add the Callback URL 1 & 2

    In this example I have registered https://login.piedpiper.com/oauth2/callback as the callback URL. The redirect URL must be set to an absolute URL in the twitter console for your application. If your hostname is login.piedpiper.com, the redirect URL would be https://login.piedpiper.com/oauth2/callback/.

    Enable 3-legged OAuth and complete all required fields.

    Request Email 3

    Finally, you will want to ensure you have checked Request email address from users. Please note, for some Twitter users, it is possible to create an account without an email address. If this is the case for your Twitter users, you will want to configure the IdP below to link on a username, or create a pending link. See Linking Strategies which discusses workaround options.

    Keys and Tokens

    Now click on the Keys and tokens tab. In this section you will find the Consumer API keys. These two values will be used to configure the FusionAuth Identity Provider.

    Twitter Keys and tokens

    Create a Twitter Identity Provider

    The last step will be to create a Twitter Identity Provider in FusionAuth. To create an Identity Provider navigate to Settings → Identity Providers and click Add provider and select Twitter from the dialog.

    This will take you to the Add Twitter panel, and you’ll fill out the Consumer key and Consumer secret required fields using the values found in the Twitter App Keys and tokens tab from the previous step. The button text is also required but it will be defaulted to Login with Twitter, you may optionally modify this default value.

    To enable this identity provider for an application, find your application name in the Applications configuration section at the bottom of this panel. You will always see the FusionAuth application, this application represents the FusionAuth administrative user interface. If you wish to be able to log into FusionAuth with this provider, you may enable this application.

    In the following screenshot you will see that we have enabled this login provider for the Pied Piper application and enabled Create registration. Enabling create registration means that a user does not need to be manually registered for the application prior to using this login provider.

    For example, when a new user attempts to log into Pied Piper using Twitter, if their user does not exist in FusionAuth it will be created dynamically, and if the Create registration toggle has been enabled, the user will also be registered for Pied Piper and assigned any default roles assigned by the application.

    If you do not wish to automatically provision a user for this Application when logging in with Twitter, leave Create registration off. You will need to manually register a user for this application before they may Sign in with Twitter.

    That’s it, now the Sign in with Twitter button will show up on the login page for the Pied Piper application.

    Add Twitter

    Form Fields

    Consumer key Required

    The Twitter API key found in your Twitter App Keys and tokens settings in the API key field.

    Consumer secret Required

    The Twitter API secret key found in your Twitter App Keys and tokens settings in the API secret key field.

    Callback URL Read-only Available since 1.6.0

    This is the callback URL you will provide in your Twitter configuration.

    Button text Required

    The text to be displayed in the button on the login form. This value is defaulted to Login with Twitter but it may be modified to your preference.

    Linking strategy Optional defaults to Link on email. Create the user if they do not exist

    The linking strategy for Twitter. See Linking Strategies for more.

    Reconcile lambda Optional Available since 1.17.0

    A lambda may be utilized to map custom claims returned from Twitter.

    To configure a lambda, navigate to Settings → Lambdas.

    Debug enabled Optional defaults to false

    Enable debug to create an event log to assist you in debugging integration errors.

    Proxy details

    If you are running FusionAuth behind a proxy of some sort, please review the following information.

    FusionAuth will detect the public URL of your instance at runtime to send to Twitter as the callback URL. If you are behind a proxy, ensure that the X-Forwarded-Host and the X-Forwarded-Proto headers are added by your proxy if the host or protocol do not match what is behind the proxy. For example, if your public URL is using https and your proxy is performing SSL acceleration the URL behind the proxy may be http. In this scenario, most proxies will have added the X-Forwarded-Proto header to the request which will allow FusionAuth to send the correct URL to Twitter.

    Building Your Own Integration

    If you are building your own login experience, you’ll want to start the identity provider flow yourself and then complete the login.

    You might do this if you are using the Login API rather than using the hosted FusionAuth login pages.

    Completing the login is documented further in the API.

    If you require a refresh token after completing the login, ensure Enable JWT Refresh is true in the application configuration. This is found in the administrative user interface by navigating to Applications → Your Application → Security → Login API settings.

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    © 2021 FusionAuth
    Subscribe for developer updates