Twitter Reconcile
Twitter Reconcile lambda
When an Twitter identity provider is used to complete a federated login request FusionAuth will use the email address to reconcile user. You may optionally utilize a lambda to customize the user and user registration during this authentication event.
When you create a new lambda using the FusionAuth UI we will provide you an empty function for you to implement.
If you are using the API to create the lambda you will need to ensure your function has the following signature:
function reconcile(user, registration, twitterUser) {
// Lambda code goes here
}
This lambda must contain a function named reconcile
that takes three parameters. The parameters that the lambda is passed are:
-
user
- the FusionAuth User object -
registration
- the FusionAuth UserRegistration object -
twitterUser
- the JSON user object returned by the Twitter Verify Credentials API
The two FusionAuth objects are well documented here in the User API and Registration API documentation. The twitterUser
may contain various user claims to utilize during the reconcile process.
Assigning the lambda
Once a lambda is created, you may assign it to the Twitter identity provider in the IdP configuration.
Navigate to
and select your existing Twitter configuration or click and select Twitter if it has not yet been configured.Default lambda
A default Twitter reconcile lambda is available in FusionAuth that may be used or modified. The default Twitter lambda function is documented below.
// This is the default Twitter reconcile, modify this to your liking.
function reconcile(user, registration, twitterUser) {
// Un-comment this line to see the twitterUser object printed to the event log
// console.info(JSON.stringify(twitterUser, null, 2));
// Set name if available in the response
if (twitterUser.name) {
user.fullName = twitterUser.name;
}
// https://developer.twitter.com/en/docs/accounts-and-users/user-profile-images-and-banners.html
if (twitterUser.profile_image_url_https) {
// Remove the _normal suffix to get the original size.
user.imageUrl = twitterUser.profile_image_url_https.replace('_normal.png', '.png');
}
// Set twitter screen_name in registration.
// - This is just for display purposes, this value cannot be used to uniquely identify
// the user in FusionAuth.
registration.username = twitterUser.screen_name;
}
Limitations
The user.email
field on the user will be ignored if modified by the lambda function. This is to protect the integrity of the email
claim returned by the identity provider.
The user.username
field on the user will be ignored if modified by the lambda function. This is to mitigate the risks of an account takeover due to a non globally unique identifier.