Instructions for login via v2?
CyberPunkCodes opened this issue · 7 comments
Using v2 as the API Version breaks the login/webhook process. Twitter::getRequestToken() isn't found.
Is it possible to have a user authenticate with twitter to login to my site, on v2 with this library?
Or do I need to specify with version 1 or something?
I feel like there is something missing for the docs about settings up for v2.
@CyberPunkCodes did you find out how to do this?
I am also trying to do this. If anyone has figured this out it would be great to post.
Getting kind of urgent now with Twitter starting to shut things off. Any luck @joelvanpatten ?
No. I honestly just abandoned this package and started creating my own OAuth2 implementation using Laravels Guzzle wrappers.
return Http::withBasicAuth($clientId, $clientSecret) ->asForm() // Content-Type of application/x-www-form-urlencoded via a header ->post($url, $data);
For anyone else arriving on this thread, I also gave up and just did a Guzzle request
public function redirectToTwitter()
{
$state = Str::random(40);
$codeChallenge = Str::random(64);
$codeChallengeMethod = 'plain';
// Store the state and code_challenge values in session
session([
'state' => $state,
'code_challenge' => $codeChallenge,
'code_challenge_method' => $codeChallengeMethod,
]);
$callback_url = config('app.callback_url').'callback/twitter';
$queryParams = [
'response_type' => 'code',
'client_id' => config('twitter.access_token'),
'redirect_uri' => $callback_url,
'state' => $state,
'code_challenge' => $codeChallenge,
'code_challenge_method' => $codeChallengeMethod,
'scope' => 'offline.access tweet.read tweet.write',
];
$url = 'https://twitter.com/i/oauth2/authorize?' . http_build_query($queryParams, '', '&', PHP_QUERY_RFC3986);
return redirect($url);
}And for the Callback
use GuzzleHttp\Client;
...
public function handleTwitterCallback(Request $request) {
$code = $request->input('code');
$state = $request->input('state');
$sessionState = session('state', '');
$codeVerifier = session('code_challenge', '');
// Verify the state parameter to protect against CSRF attacks
if ($state !== $sessionState) {
return redirect('/auth/twitter')->withErrors(['Invalid state parameter']);
}
$callbackUrl = config('app.callback_url').'callback/twitter';
$client = new Client([
'base_uri' => 'https://api.twitter.com/2/',
]);
$basicAuthHeader = base64_encode(config('twitter.access_token') . ':' . config('twitter.access_token_secret'));
$response = $client->post('oauth2/token', [
'headers' => [
'Authorization' => 'Basic ' . $basicAuthHeader,
'Content-Type' => 'application/x-www-form-urlencoded;charset=UTF-8',
],
'form_params' => [
'grant_type' => 'authorization_code',
'code' => $code,
'redirect_uri' => $callbackUrl,
'code_verifier' => $codeVerifier,
],
]);
$accessToken = json_decode((string)$response->getBody(), true)['access_token'];
dd($accessToken);
}P.s. if you want to get the User, do the following:
$accessToken = json_decode((string)$response->getBody(), true)['access_token'];
// Docs: https://developer.twitter.com/en/docs/twitter-api/users/lookup/api-reference/get-users-me
$userContextResponse = $client->get('https://api.twitter.com/2/users/me', [
'headers' => [
'Authorization' => 'Bearer ' . $accessToken,
],
'query' => [
'user.fields' => 'id,name,username,profile_image_url',
],
]);Would recommend the socialite provider for this, if anyone wants to fix the implementation in this repo feel free to PR.
https://github.com/SocialiteProviders/Twitter