IDM 7.2.1

Twitter social identity provider

Social authentication is deprecated and will be removed in a future release of IDM. For more information, see Deprecation.

Set up Twitter

For additional information, see Single-user OAuth with Examples.

  1. To set up Twitter as a social identity provider, you’ll need a Twitter account, and then navigate to Twitter Application Management.

  2. Select Create New App, and enter at least the following information:

    • Name

    • Description

    • Website, such as http://openidm.example.com:8080

    • Callback URL, such as http://openidm.example.com:8080/; required for IDM; for other providers, known as RedirectURI

  3. Click Save.

    The page displays a Consumer Key and Consumer Secret for your new web app.

Twitter Apps use the OAuth 1.0a protocol. With IDM, you can use the same process used to configure OIDC and OAuth 2 social identity providers.

Configure Twitter as a social identity provider

To configure a Twitter social identity provider using the admin UI:

  1. From the navigation bar, click Configure > Social ID Providers.

  2. On the Social Identity Providers page, enable Twitter.

  3. In the Twitter Provider window, enter applicable values in the fields, and click Save. For a complete list of fields, see Twitter Social Identity Provider Configuration Details.

After you save the social identity provider configuration, IDM generates a conf/identityProvider-twitter.json file:

{
    "provider" : "twitter",
    "requestTokenEndpoint" : "https://api.twitter.com/oauth/request_token",
    "authorizationEndpoint" : "https://api.twitter.com/oauth/authenticate",
    "tokenEndpoint" : "https://api.twitter.com/oauth/access_token",
    "userInfoEndpoint" : "https://api.twitter.com/1.1/account/verify_credentials.json",
    "clientId" : "<Client_ID_Name>",
    "clientSecret" : {
      "$crypto" : {
          "type" : "x-simple-encryption",
          "value" : {
              "cipher" : "AES/CBC/PKCS5Padding",
              "stableId" : "openidm-sym-default",
              "salt" : "<hashValue>",
              "data" : "<encryptedValue>",
              "keySize" : 16,
              "purpose" : "idm.config.encryption",
              "iv" : "<encryptedValue>",
              "mac" : "<hashValue>"
          }
      }
    },

The next part of the file includes schema information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the admin UI. When you’ve registered a user with a Twitter social identity, you can verify this by selecting Manage > Twitter, and then selecting a user.

Another part of the file includes a propertyMap, which maps user information entries between the source (social identity provider) and the target (IDM).

If you need more information about the properties in this file, refer to the following appendix: Twitter Social Identity Provider Configuration Details.

Configure user registration to link to Twitter

Once you’ve configured the Twitter social identity provider, you can activate it through User Registration. To do so in the admin UI, select Configure > User Registration, and activate that feature. Under the Social tab that appears, enable Social Registration. For more information on IDM user self-service features, see Self-service end user UI.

When you enable Social Registration, you’re allowing users to register on IDM through all active social identity providers.

Twitter social identity provider configuration details

You can set up the Twitter social identity provider through the admin UI or in a conf/identityProvider-twitter.json file. IDM generates the identityProvider-twitter.json file when you configure and enable the Twitter social identity provider in the admin UI. Alternatively, you can create that file manually.

The following table includes the information shown in the admin UI Twitter Provider pop-up window, along with associated information in the identityProvider-twitter.json file.

Twitter social identity provider configuration properties
Property (UI) Property (JSON file) Description

Consumer Key

clientId

The client identifier for your Twitter App

Consumer Secret

clientSecret

Used with the Client ID to access the applicable Twitter API

Authorization Endpoint

authorizationEndpoint

Typically https://api.twitter.com/oauth/authenticate; known as a Twitter Authorize URL

Access Token Endpoint

tokenEndpoint

Endpoint that receives a one-time authorization code, and returns an access token; typically https://api.twitter.com/oauth/access_token

User Info Endpoint

userInfoEndpoint

Access for other URIs; typically https://api.twitter.com/1.1/account/verify_credentials.json

Request Token Endpoint

requestTokenEndpoint

Endpoint that receives a one-time authorization code, and returns an access token; typically https://api.twitter.com/oauth/request_token

Not in the admin UI

provider

Name of the social identity provider

Not in the admin UI

authenticationIdKey

The user identity property, such as _id

Not in the admin UI

configClass

Configuration class for the authentication module

Not in the admin UI

basicAuth

Whether to use basic authentication

Not in the admin UI

propertyMap

Mapping between Twitter and IDM

For information on social identity provider buttons and badges, see Social identity provider button and badge properties.

Copyright © 2010-2022 ForgeRock, all rights reserved.