Aura Auth

X (Twitter) Authorization Provider

Configure the X OAuth 2.0 provider in Aura Auth for authentication and authorization.

X (Twitter)

Set up the X authorization provider for the authentication instance in Aura Auth.


What you'll learn

In this quick start guide, you will learn the basics of setting up the X provider for Aura Auth.


X OAuth App

Creating an X OAuth Application

The first step is to create and register an X App, which grants access to the user's resources such as Get my User (used by Aura Auth), Posts, Likes, Lists, etc. For more detailed information, read the X Developer Portal, Get my User, and OAuth 2.0 Scopes.

Creating an X OAuth app includes:

  • App name: The name of the X app.
  • App permissions: Permissions available to the X app. The options include:
    • Read.
    • Read and write (Recommended).
    • Read and write and Direct message.
  • Type of App: Enables the app to work with OAuth 2.0 authentication.
    • Native App: Public client with the OAuth 2.0 authorization code flow that implements PKCE. For more details, read PKCE. This is the option supported by Aura Auth.
    • Web App, Automated App or Bot: Confidential client that implements the client_credentials grant type for authorization. For more details, read Application only.
  • Callback URI: The URL to which X OAuth will redirect. It should end in /auth/callback/x for local and production environments.
    • Local environment: http://localhost:3000/auth/callback/x.
    • Production environment: Set the URL of your production application.
  • Website URL (Required): The URL of the app.
  • Organization Name (Optional): The application name shown when the user tries to grant access to the app.
  • Organization URL (Optional): The link shown when users authorize your app.
  • Terms of service (Required): The link to the terms of service shown to the user.
  • Privacy policy (Required): The link to the privacy policy shown to the user.

X Aura Auth

Installation

Install the package using a package manager like npm, pnpm or yarn.

npm install @aura-stack/auth

Environment setup

Now set up the X credentials required by Aura Auth, the client ID and client secret, and write them into a .env file.

Additionally, set the secret used by Aura Auth to sign and encrypt the user's session.

.env
# X Credentials
AURA_AUTH_X_CLIENT_ID="x_client_id"
AURA_AUTH_X_CLIENT_SECRET="x_client_secret"

# Aura Secret
AURA_AUTH_SECRET="32-bytes-secret"

It is recommended that AURA_AUTH_SECRET be a random, high-entropy key so that attackers cannot decipher the secret used by the Aura Auth application.

Configure the provider

Set the oauth option of the createAuth instance to include the "x" provider name.

@/auth
import { createAuth } from "@aura-stack/auth"

export const auth = createAuth({
  oauth: ["x"],
})

export const { handlers } = auth

Get HTTP Handlers

Use the HTTP handlers to expose the authentication logic and flows of the Aura Auth library and integrate them into routers and frameworks.

backend.ts
import { handlers } from "@/auth"

export const { GET, POST } = handlers

The returned handlers include pre-built routes used in OAuth flows (/signIn/:oauth, /callback/:oauth, /session, /signOut and /csrfToken). You can mount them in Express, Hono, Next.js, or any runtime that supports native Request and Response APIs.

