It is possible to authenticate Twitter users with the Twitter authenticator. This authenticator functions as an OAuth 1.0a client to Twitter (i.e., it is a “consumer”). Using the Curity Identity Server with Twitter requires that an application for a particular installation of Curity be defined in Twitter, and that a connection to Twitter is made by configuring Curity. The steps to do these two things are described below.

Creating an App in Twitter

As described in the Twitter documentation, you can create apps that use the Twitter APIs as shown in the following figure:


Fill in the name, description and website and save changes.

As you create it, you’ll be shown the API Key and API secret Key. You’ll need these later when configuring the plug-in in Curity.

From the app’s main page, you need to enable OAuth by clicking on the Edit button next to Authentication settings. From there, click on Enable 3-legged OAuth. You may toggle on Request email address from users as well. Then configure the callback URL. It consists of the endpoint of the server, and its final part is the ID of the Twitter authenticator followed by the string callback. An example configuration is shown in the following figure:


Also, on the main app page in the Twitter developer portal, you can manage permissions in the Permissions section, as shown in the figure below:


Configuring the Twitter Authenticator

The easiest way to configure a new Twitter authenticator is using the Curity admin UI. The configuration can be downloaded as XML from the CLI, and the same configuration can be made using the CLI, so only the steps to do this in the GUI will be described.

  1. Go to the Authenticators page of the authentication profile wherein the authenticator instance should be created.

  2. Click the New Authenticator button.

  3. Enter a name (e.g., twitter1). This name needs to match the URI component in the callback URI set in the Twitter app.

  4. For the type, pick the Twitter option:

  5. On the next page, you can define all of the standard authenticator configuration options, like any previous authenticator that should run, the resulting ACR, transformers that should be executed, etc. At the top of the configuration page, the Twitter-specific options can be found.

  6. In the API Key text field, enter the API Key from the Twitter client app.

  7. Also enter the API secret Key generated by Twitter when the app was created there.

Once all of these changes are made, they will be staged, but not committed (i.e., not running). To make them active, click the Commit menu option in the Changes menu. Optionally enter a comment in the Deploy Changes dialogue and click OK.

Once the configuration is committed and running, the authenticator can be used like any other.

Source Code

The source code for the authenticator is available on GitHub. It can make a good starting point for new authenticators when needed.