Twitter/X Social Login

Allow WiFi guests to authenticate on your captive portal using their Twitter/X accounts with OAuth 2.0, enabling quick access and profile data collection.

Overview

Twitter/X social login provides:

Quick authentication via Twitter/X accounts
Profile data collection (username, name)
Social engagement potential
Broad user base access

Prerequisites

IronWiFi account with captive portal
Twitter/X Developer account
Twitter API v2 access (Elevated or higher)

Important Note on API Access

Twitter/X has changed its API access tiers:

Free tier: Very limited (may not support OAuth)
Basic tier: ($100/month) OAuth support
Pro tier: ($5000/month) Full features

Verify your access level supports OAuth 2.0 User Authentication.

Twitter Developer Setup

Create Developer Account

Go to developer.twitter.com
Apply for developer access
Complete application process
Wait for approval

Create Project and App

In Developer Portal, click Projects & Apps
Create a new Project
Create an App within the project
Note your:
- Client ID
- Client Secret

Configure OAuth 2.0

In app settings, go to User authentication settings
Click Set up
Configure:
- App permissions: Read (minimum)
- Type of App: Web App
- Callback URI:
```
https://auth.ironwifi.com/callback/twitter
```
- Website URL: Your company website

IronWiFi Configuration

Step 1: Add Twitter Provider

Log in to IronWiFi Console
Navigate to Networks > Captive Portals
Select your captive portal
Go to Authentication Providers
Click Add Provider > Twitter/X

Step 2: Configure OAuth

Enter credentials:

Client ID: Your Twitter OAuth 2.0 Client ID
Client Secret: Your Twitter Client Secret
Redirect URI: Confirm matches Twitter app config

Step 3: Configure Scopes

Select requested permissions:

```
tweet.read
```
- Read tweets
```
users.read
```
- Read user profile
```
offline.access
```
- Refresh tokens (optional)

Data Collection

Available Data

Twitter API provides:

Field	Description
`id`	Twitter user ID
`name`	Display name
`username`	Twitter handle (@username)
`profile_image_url`	Profile picture URL
`verified`	Verification status
`description`	Bio (if permissions allow)

Data Limitations

Note these limitations:

Email requires special approval from Twitter
Some fields require elevated access
Rate limits apply

Authentication Flow

User Experience

Guest connects to WiFi
Captive portal shows "Continue with X" button
Guest clicks and redirects to Twitter/X
Logs in and authorizes app
Redirected back, WiFi access granted

OAuth 2.0 with PKCE

Twitter uses OAuth 2.0 with PKCE:

Generate code_verifier and code_challenge
Redirect to Twitter authorize endpoint
Receive authorization code
Exchange code for access token
Fetch user profile
Grant WiFi access

Splash Page Integration

Add Twitter Button

<div class="social-login">
  <a href="{{twitter_auth_url}}" class="btn-twitter">
    <svg class="x-logo" viewBox="0 0 24 24">
      <!-- X logo SVG -->
    </svg>
    Continue with X
  </a>
</div>

```html
<style>
.btn-twitter {
  background: #000000;
  color: white;
  padding: 12px 24px;
  border-radius: 4px;
  display: flex;
  align-items: center;
  gap: 8px;
}
</style>

## API Rate Limits

### Twitter API Limits

Be aware of rate limits:

| Endpoint | Limit |
|----------|-------|
| OAuth | 300/15 min per user |
| User lookup | 300/15 min per app |

### Handling Limits

1. Cache user data where possible
2. Monitor rate limit headers
3. Implement backoff strategy
4. Show friendly error messages

## Troubleshooting

### OAuth Errors

**Invalid Client:**
- Verify Client ID and Secret
- Check app is approved
- Confirm OAuth 2.0 is enabled

**Callback Mismatch:**
- URL must match exactly
- Check for trailing slashes
- Verify HTTPS

**Access Denied:**
- User declined permissions
- App suspended
- API tier doesn't support OAuth

### User Not Found

1. Check API response
2. Verify scopes requested
3. Review access token validity
4. Check rate limits

## Security

### Best Practices

1. **Use OAuth 2.0** - Not OAuth 1.0a
2. **Implement PKCE** - Prevents code interception
3. **Secure storage** - Protect client secret
4. **Token handling** - Don't expose tokens
5. **HTTPS only** - All callbacks over HTTPS

### Token Management

- Access tokens are short-lived
- Use refresh tokens if available
- Don't store tokens longer than needed

## Compliance

### Twitter Developer Agreement

Comply with:
- Twitter Developer Agreement
- Twitter Developer Policy
- Display requirements

### Display Requirements

When showing Twitter data:
- Follow Twitter brand guidelines
- Use correct logos
- Attribute data source

## Limitations

### API Access Tiers

Free tier limitations:
- May not support OAuth
- Very limited rate limits
- Consider paid tier for production

### Data Access

- Email not available without special permission
- Some fields require elevated access
- Verification status may require approval

## Best Practices

1. **Consider costs** - API access isn't free
2. **Cache wisely** - Respect rate limits
3. **Clear UI** - Tell users what's requested
4. **Handle errors** - Graceful degradation
5. **Offer alternatives** - Other login options

## Related Topics

- [Instagram Integration](/user-guide/integrations/instagram)
- [LinkedIn Integration](/user-guide/integrations/linkedin)
- [Authentication Providers](/user-guide/captive-portals/authentication-providers)

Was this page helpful?

Overview​

Prerequisites​

Important Note on API Access​

Twitter Developer Setup​

Create Developer Account​

Create Project and App​

Configure OAuth 2.0​

IronWiFi Configuration​

Step 1: Add Twitter Provider​

Step 2: Configure OAuth​

Step 3: Configure Scopes​

Data Collection​

Available Data​

Data Limitations​

Authentication Flow​

User Experience​

OAuth 2.0 with PKCE​

Splash Page Integration​

Add Twitter Button​