feat(providers): add support to Twitter OAuth 2.0 (nextauthjs#3446)

balazsorban44 · web-flow · commit 90c7d535c0f2 · 2022-01-10T11:49:43.000+01:00
* feat(providers): add support to Twitter OAuth 2.0

* docs: add docs comment

* chore: cleanup

* chore: remove comments

* chore: give warning for OAuth 2 for now
diff --git a/app/pages/api/auth/[...nextauth].ts b/app/pages/api/auth/[...nextauth].ts
@@ -3,7 +3,9 @@ import NextAuth, { NextAuthOptions } from "next-auth"
 import GitHubProvider from "next-auth/providers/github"
 import Auth0Provider from "next-auth/providers/auth0"
 import KeycloakProvider from "next-auth/providers/keycloak"
-import TwitterProvider from "next-auth/providers/twitter"
+import TwitterProvider, {
+  TwitterLegacy as TwitterLegacyProvider,
+} from "next-auth/providers/twitter"
 import CredentialsProvider from "next-auth/providers/credentials"
 import IDS4Provider from "next-auth/providers/identity-server4"
 import Twitch from "next-auth/providers/twitch"
@@ -72,11 +74,17 @@ export const authOptions: NextAuthOptions = {
       },
     }),
     // OAuth 1
+    // TwitterLegacyProvider({
+    //   clientId: process.env.TWITTER_LEGACY_ID,
+    //   clientSecret: process.env.TWITTER_LEGACY_SECRET,
+    // }),
+    // OAuth 2 / OIDC
     TwitterProvider({
+      // Opt-in to the new Twitter API for now. Should be default in the future.
+      version: "2.0",
       clientId: process.env.TWITTER_ID,
       clientSecret: process.env.TWITTER_SECRET,
     }),
-    // OAuth 2 / OIDC
     GitHubProvider({
       clientId: process.env.GITHUB_ID,
       clientSecret: process.env.GITHUB_SECRET,
diff --git a/src/providers/twitter.ts b/src/providers/twitter.ts
@@ -1,6 +1,6 @@
 import type { OAuthConfig, OAuthUserConfig } from "."
 
-export interface TwitterProfile {
+export interface TwitterLegacyProfile {
   id: number
   id_str: string
   name: string
@@ -95,12 +95,12 @@ export interface TwitterProfile {
   needs_phone_verification: boolean
 }
 
-export default function Twitter<P extends Record<string, any> = TwitterProfile>(
-  options: OAuthUserConfig<P>
-): OAuthConfig<P> {
+export function TwitterLegacy<
+  P extends Record<string, any> = TwitterLegacyProfile
+>(options: OAuthUserConfig<P>): OAuthConfig<P> {
   return {
     id: "twitter",
-    name: "Twitter",
+    name: "Twitter (Legacy)",
     type: "oauth",
     version: "1.0A",
     authorization: "https://api.twitter.com/oauth/authenticate",
@@ -122,3 +122,98 @@ export default function Twitter<P extends Record<string, any> = TwitterProfile>(
     options,
   }
 }
+
+/**
+ * [Documentation](https://developer.twitter.com/en/docs/twitter-api/users/lookup/api-reference/get-users-me)
+ */
+export interface TwitterProfile {
+  data: {
+    id: string
+    name: string
+    username: string
+    location?: string
+    entities?: {
+      url: {
+        urls: Array<{
+          start: number
+          end: number
+          url: string
+          expanded_url: string
+          display_url: string
+        }>
+      }
+      description: {
+        hashtags: Array<{
+          start: number
+          end: number
+          tag: string
+        }>
+      }
+    }
+    verified?: boolean
+    description?: string
+    url?: string
+    profile_image_url?: string
+    protected?: boolean
+    pinned_tweet_id?: string
+    created_at?: string
+  }
+  includes?: {
+    tweets?: Array<{
+      id: string
+      text: string
+    }>
+  }
+}
+
+let warned = false
+export default function Twitter<
+  P extends Record<string, any> = TwitterLegacyProfile | TwitterProfile
+>(options: OAuthUserConfig<P>): OAuthConfig<P> {
+  if (!warned && options.version === "2.0") {
+    warned = true
+    console.warn(
+      "Opted-in to Twitter OAuth 2.0. See the docs https://next-auth.js.org/providers/twitter#oauth-2"
+    )
+    return {
+      id: "twitter",
+      name: "Twitter",
+      version: "2.0",
+      type: "oauth",
+      authorization: {
+        url: "https://twitter.com/i/oauth2/authorize",
+        params: { scope: "users.read tweet.read offline.access" },
+      },
+      token: {
+        url: "https://api.twitter.com/2/oauth2/token",
+        // TODO: Remove this
+        async request({ client, params, checks, provider }) {
+          const response = await client.oauthCallback(
+            provider.callbackUrl,
+            params,
+            checks,
+            { exchangeBody: { client_id: options.clientId } }
+          )
+          return { tokens: response }
+        },
+      },
+      userinfo: {
+        url: "https://api.twitter.com/2/users/me",
+        params: { "user.fields": "profile_image_url" },
+      },
+      profile({ data }) {
+        return {
+          id: data.id,
+          name: data.name,
+          // NOTE: E-mail is currently unsupported by OAuth 2 Twitter.
+          email: null,
+          image: data.profile_image_url,
+        }
+      },
+      checks: ["pkce", "state"],
+      options,
+    }
+  }
+
+  return TwitterLegacy(options)
+}
