Hi all, hopefully this is a fairly straight forward question. When using xano for social login, specifically Twitter, what is the recommended callback url added to Twitter? Is it a xano based url or is it my weweb editor url?
I have xano configured with the appropriate Twitter consumer keys and have made no mordifications to the api workflow on the xano end. Based on the videos I’ve watched, specifically the xano we web Google login video, doesn’t seem like any changes were made.
Hoping to have this solved quickly!
Here is a screenshot of my X developer portal:
Here is the error I get from weweb when trying to call the xano twitter social login:
For all oauth2 logins, the callback URL is to the front end (weweb) not the backend (xano). The purpose is to send the page in your environment a query string that contains the authorization code. Your FE sends that to your BE, which then redeems that code for an ID token, which can authenticate your user.
Strange since I still get an AxiosError and am using my full weweb editor url as the callback url for twitter, dug deeper into the response and found this:
So dug into this further, I noticed that the request in the log report from Weweb shows that xano is providing an additional slug to the redirect url. For example, my home editor weweb url is https://editor.weweb(dot)io/b7591ea4-08de-4af2-99fb-6edd718e51f8 however the request in weweb shows this url: https://x8ki-letl-twmt.n7.xano(dot)io/api:CJaexNTY/oauth/twitter/request_token?redirect_uri=https:%2F%2Feditor.weweb.io%2Fb7591ea4-08de-4af2-99fb-6edd718e51f8%2F3517ae00-5cc0-4a6f-bd79-418df8faf85e"
When I change the callback url in twitter to the longer editor weweb url xano is creating, the twitter window pops up, I authorize, and I’m redirected to weweb, however my authentication is still false and no new record is created in xano
What did you expect to happen on the redirect? Do you have a workflow in your page load that is monitoring the address bar for the code in your query string? You need to collect that and send it back to Xano. That “authorization code” is what Xano can redeem (along with your client ID and secret) for the ID token you’re looking for from Twitter. Then Xano can analyze that token to compare with your local user table to see if the Twitter user is “one of yours” at which point it can return an auth token based on the user id in Xano, or it can do something else (auto-signup, reject, etc) based on what you need from your business logic.
You need to collect that and send it back to Xano. That “authorization code” is what Xano can redeem (along with your client ID and secret) for the ID token you’re looking for from Twitter.
@raydeck I think this is what our action login provider do automatically, but there may be an issue with Twitter
