Add ability to signup via twitter

[lakhansamani]

[Aurifi]

Hey! :) I've started implementing this and quite early found out that there seems to be a difference in the login via twitter vs. the other social-media providers. It seems like for a login with twitter only the PKCE-flow is supported. Due to that a random challenge is necessary for the initial request to /authorize. See HERE for necessary params to /authorize

On the other hand there seems to be some support for confidential clients. As it seems to be possible to make a request to /token with a ClientID and Secret, but that request also still requires the challenge. See HERE or the screenshot below.

Am I just missing a detail in the other providers, or is the flow in fact different? :) If so, should Login with Twitter still be implemented?

[MerleLiuKun]

From what I know, there have a parameter called code_verifier throughout the whole process. that's different for other providers.

May need keep this verifier in others place.

I have a oauth demo maybe help.

[lakhansamani]

Thank you @MerleLiuKun this is really helpful 👍

[Aurifi]

Hey @lakhansamani , feel free to take a look at my PR :) There's a few things which I wasn't quite sure about. e.g.

• Twitter does not provide the E-Mail of a user through any API by default, each Authorizer-Instance would have to request elevated privileges by twitter to get those. This results in no E-Mail being set currently.
• Twitter also does not provide seperate fields for first- and last-name in userinfo.
• Authorizer needs to store the PKCE-Verifier at some place between the calls to /oauth_login and /oauth_callback. I used setState for that purpose, but I'm not sure whether this is an intended usage.