Express.js middleware implementation for Twitter OAuth 2.0 Client.
This module supports the following grant types available on Twitter:
```sh
$ npm i twitter-oauth2
```
```typescript
import express from 'express';
import session from 'express-session';
import { request } from 'undici';
import { twitterOAuth2 } from 'twitter-oauth2';

const app: express.Express = express();

/* ---- express-session ----*/
app.use(session({
  name: 'YOUR-SESSION-NAME',
  secret: 'YOUR-SECRET',
  resave: false,
  saveUninitialized: true
}))

// The middleware runs the OAuth 2.0 flow and keeps the tokens in the session
app.use(twitterOAuth2({
  client_id: 'YOUR-CLIENT-ID',
  client_secret: 'YOUR-CLIENT-SECRET',
  redirect_uri: 'YOUR-REDIRECT-URI',
  scope: 'tweet.read users.read offline.access'
}))

app.get('/', async (req: express.Request, res: express.Response) => {
  const tokenSet = req.session.tokenSet;
  // Logs the full token set (demonstration only)
  console.log('received tokens %j', req.session.tokenSet);
  // Call the Twitter API with the access token from the session
  const { body } = await request('https://api.twitter.com/2/users/me',
    {
      headers: {
        Authorization: `Bearer ${tokenSet?.access_token}`
      }
    });
  const username = (await body.json()).data.username;
  res.send(`Hello ${username}!`);
})
```
Note: This module uses a session store that is compatible with express-session.
See the example for more details.
The required arguments depend on the client type.
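```typescript
// Authorization Code Grant, confidential client (the default client_type)
app.use(twitterOAuth2({
  client_id: 'YOUR-CLIENT-ID',
  client_secret: 'YOUR-CLIENT-SECRET',
  redirect_uri: 'YOUR-REDIRECT-URI',
  scope: 'tweet.read users.read offline.access'
}))
```

```typescript
// Authorization Code Grant, public client (no client_secret)
app.use(twitterOAuth2({
  client_type: 'public',
  client_id: 'YOUR-CLIENT-ID',
  redirect_uri: 'YOUR-REDIRECT-URI',
  scope: 'tweet.read users.read offline.access'
}))
```

```typescript
// Client Credentials Grant (consumer key and consumer secret)
app.use(twitterOAuth2({
  consumer_key: 'YOUR-CONSUMER-KEY',
  consumer_secret: 'YOUR-CONSUMER-SECRET',
  grant_type: 'client_credentials'
}))
```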
```typescript
import { twitterOAuth2 } from 'twitter-oauth2';
```
Create a middleware with the given options.

twitterOAuth2 accepts these properties in the options object.

The identifier of the Client.
You can check it from the Developer Portal.
This option is used in the case of Authorization Code Grant.
This option can also be read from the environment variable CLIENT_ID.

This is the secret information used for client authentication.
You can check it from the Developer Portal.
This option is used in the case of Authorization Code Grant and Confidential Client.
This option can also be read from the environment variable CLIENT_SECRET.

This is the callback URL that you registered on the Developer Portal.
This option can also be read from the environment variable REDIRECT_URI.

The scope of the access request.
Please see the documentation for available scopes.
The current default is tweet.read users.read offline.access.

The client type is defined in OAuth 2.0.
This value was set during the registration process.
The current default is confidential.

The grant_type is defined in OAuth 2.0.
The current default is authorization_code.

The client identifier.
In Client Credentials Grant, the consumer key is used as the client_id.
This option can also be read from the environment variable CONSUMER_KEY.

The client secret.
In Client Credentials Grant, the consumer secret is used as the client_secret.
This option can also be read from the environment variable CONSUMER_SECRET.
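The option rules above, written as a startup preflight check. This is an added example, not code from twitter-oauth2: `resolveOptions` is a hypothetical helper that fills options from the environment variables named above, applies the stated defaults, and rejects values that are missing or still the `YOUR-...` placeholders. Which options each client type requires is an assumption drawn from the snippets on this page.

```typescript
// Added example, not part of twitter-oauth2. resolveOptions is a hypothetical helper.
type Env = Record<string, string | undefined>;

interface Options {
  client_id?: string;
  client_secret?: string;
  redirect_uri?: string;
  scope?: string;
  client_type?: 'confidential' | 'public';
  grant_type?: 'authorization_code' | 'client_credentials';
  consumer_key?: string;
  consumer_secret?: string;
}

// Placeholder strings copied from the README snippets count as unset.
const isUnset = (v?: string): boolean => !v || v.indexOf('YOUR-') === 0;

// Explicit options win over environment variables; defaults are the ones the
// option reference states. Throws one error naming every option still missing.
function resolveOptions(opts: Options, env: Env): Options {
  const o: Options = {
    client_type: opts.client_type ?? 'confidential',
    grant_type: opts.grant_type ?? 'authorization_code',
    scope: opts.scope ?? 'tweet.read users.read offline.access',
    client_id: opts.client_id ?? env.CLIENT_ID,
    client_secret: opts.client_secret ?? env.CLIENT_SECRET,
    redirect_uri: opts.redirect_uri ?? env.REDIRECT_URI,
    consumer_key: opts.consumer_key ?? env.CONSUMER_KEY,
    consumer_secret: opts.consumer_secret ?? env.CONSUMER_SECRET,
  };
  // Assumption: the required set per grant and client type follows the README snippets.
  let required: (keyof Options)[];
  if (o.grant_type === 'client_credentials') {
    required = ['consumer_key', 'consumer_secret'];
  } else {
    required = ['client_id', 'redirect_uri'];
    // A public client cannot keep a secret, so only confidential clients need one.
    if (o.client_type === 'confidential') required.push('client_secret');
  }
  const missing = required.filter((k) => isUnset(o[k]));
  if (missing.length > 0) {
    // Name the options only; never echo secret values into an error message.
    throw new Error(`twitterOAuth2 options missing or placeholder: ${missing.join(', ')}`);
  }
  return o;
}
```

Called at startup with `process.env`, it makes a misconfigured deployment fail before serving requests, and the result can be passed to `twitterOAuth2`.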
Errors raised by this middleware are handled by the default Express error handler. To write your error handler, see the Express documentation on writing Custom error handlers.
Thanks for your feedback and contribution to this repo! Please feel free to open issues and send pull-requests.