
Twitter Provider

Twitter fully supports the OAuth 2.0 protocol and can therefore be used as a trusted provider for authenticating users and providing their claims.

Setup

A few steps are needed to get Twitter working as a provider. You'll need to register the Authority Service as an app in the developer portal of Twitter. You can configure multiple Twitter provider instances, each linked to a different Twitter application.

Warning

In the following steps, you will be adding the Authority Service as an app to Twitter. Don't do this under your personal account, but use an account of your organisation.

Register the Authority Service as an app

Note

Twitter recently made some changes to further improve security and prevent malicious use of its APIs. Therefore, you're now required to create a developer account. Please do this with an e-mail address linked to your organisation. Once your developer account has been created, you can continue with this guide.

Log in to the developer portal, navigate to the Apps section and click Create an app.

  • Fill in all the required information and click Create.
  • The callback URL must be the URL of the Authority Service appended with /signin-{providerName}, where {providerName} is the name of the provider as configured in the framework (spaces are replaced with hyphens). For example: https://ometa-authority.example.com/signin-twitter if your provider is named Twitter.

Important

You are required to fill in a Terms of Service URL and a Privacy policy URL. If you don't do this, you can't use Twitter as an authentication provider because you won't be able to request the e-mail address of the user.

An example of a filled-in form.
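
The callback URL rule above can be checked before the app is saved. The following Python code is an added example, not part of the Ometa Framework: it derives the expected callback URL for each provider instance and reports how the URL entered in the Twitter app differs from it. The function names, the lowercase conversion (inferred from the signin-twitter example), the HTTPS requirement and the sample registrations are assumptions.

```python
from urllib.parse import urlsplit


def callback_url(authority_base: str, provider_name: str) -> str:
    """Expected callback URL: <authority>/signin-{providerName}, spaces -> hyphens."""
    # Assumption: the name is lowercased, as in the page's signin-twitter example.
    slug = provider_name.strip().replace(" ", "-").lower()
    return f"{authority_base.rstrip('/')}/signin-{slug}"


def check_registration(authority_base: str, provider_name: str, registered: str) -> list:
    """Return the differences between the registered and the expected callback URL."""
    expected = callback_url(authority_base, provider_name)
    exp, reg = urlsplit(expected), urlsplit(registered.strip())
    problems = []
    # Assumption: the Authority Service is served over HTTPS, as in the page's example.
    if reg.scheme != "https":
        problems.append(f"scheme is '{reg.scheme}', expected 'https'")
    if reg.netloc.lower() != exp.netloc.lower():
        problems.append(f"host is '{reg.netloc}', expected '{exp.netloc}'")
    if reg.path != exp.path:
        problems.append(f"path is '{reg.path}', expected '{exp.path}'")
    if reg.query or reg.fragment:
        problems.append("callback URL carries a query string or fragment")
    return problems


if __name__ == "__main__":
    base = "https://ometa-authority.example.com"
    # Constructed sample: provider name -> callback URL entered in the Twitter app.
    registered = {
        "Twitter": "https://ometa-authority.example.com/signin-twitter",
        "Twitter Partners": "http://ometa-authority.example.com/signin-twitter-partners/",
    }
    for name, url in registered.items():
        issues = check_registration(base, name, url)
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```

With several Twitter provider instances, each Twitter application needs its own callback URL, so run the check once per provider name.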


Keys and tokens

The application has now been created, and an API key and secret have been generated on the Keys and tokens tab. You will need this key and secret later on to configure Twitter in the Ometa Framework.

Permissions

By default, the created app has both read and write permissions. To make the consent easier for a user to accept, you can change this to read only. In addition, you need to enable the permission to request the e-mail address from users.


Claims

The following claims are provided by Twitter when a user successfully authenticates.

  • nameidentifier
  • name
  • emailaddress

An example:

Type            Value
nameidentifier  1354058265
name            JohnDoe
emailaddress    john.doe@ometa.net

The first time a user authenticates to the Ometa Framework with the Twitter login, they need to give consent to the Ometa Authority Service for receiving information such as their e-mail address and name.

Note

If the user doesn't give consent, they will not be able to use the Ometa Framework.
