Announce X OAuth integration #2873
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,153 @@ | ||
| --- | ||
| layout: post | ||
| title: Announcing X OAuth support in Appwrite Auth | ||
| description: Appwrite now supports X (formerly Twitter) OAuth2 login. Learn how to add it to your app in minutes. | ||
| date: 2026-04-09 | ||
| cover: /images/blog/x-oauth2-appwrite/cover.png | ||
| timeToRead: 5 | ||
| author: aditya-oberai | ||
| category: announcement, tutorial | ||
| featured: false | ||
| --- | ||
|
|
||
| We're excited to announce that Appwrite Auth now includes an X OAuth adapter. You can now let users sign in with their X account using Appwrite's built-in OAuth2 support, with no custom backend code required. | ||
|
Member
There was a problem hiding this comment. Should we call it OAuth2 adapter to be more consistent everywhere |
||
|
|
||
| X is one of the most widely used social platforms, with hundreds of millions of active users. Adding "Sign in with X" gives your users a fast, familiar way to get started without creating a new account, and gives you a verified identity to work with from day one. | ||
|
|
||
| In this guide, we'll walk through what this means for your app, why it matters, and how to set it up. | ||
|
|
||
| # Why X OAuth is useful for developers and users | ||
|
|
||
| For users, social login removes the friction of registration. There's no new password to create or forget, no verification email to wait for. They click one button, approve access, and they're in. | ||
|
|
||
| For developers, social login with Appwrite means you don't have to implement or maintain any OAuth infrastructure yourself. Appwrite handles the redirect, the token exchange, the session creation, and the refresh flow. You call one SDK method. The rest happens server-side. | ||
|
|
||
| X in particular is valuable for apps that are social or content-focused. If your users are already on X, letting them authenticate with it creates a natural connection between their X identity and your product. You can also use the access token Appwrite stores to call the X API on their behalf, enabling things like reading their profile, fetching their posts, or building X-connected features. | ||
|
|
||
| # How OAuth2 works in Appwrite | ||
|
|
||
| When a user signs in with X, Appwrite manages the entire OAuth2 flow on your behalf: | ||
|
|
||
| 1. Your app calls an Appwrite SDK method, which returns an authorization URL. | ||
| 2. The user is redirected to X's consent screen. | ||
| 3. After granting access, X redirects back to Appwrite with an authorization code. | ||
| 4. Appwrite exchanges the code for an access token and refresh token with X. | ||
| 5. Appwrite redirects the user to your success URL with a `userId` and `secret`. | ||
| 6. Your app uses these to create an Appwrite session. | ||
|
|
||
| Appwrite's X adapter uses **OAuth 2.0 with PKCE** (Proof Key for Code Exchange), which is required by X's API v2 and adds an extra layer of security by preventing authorization code interception attacks. | ||
|
|
||
| # Creating an X Developer app | ||
|
|
||
| To connect Appwrite to X, you first need to register an app on the [X Developer Console](https://console.x.com). | ||
|
|
||
| Log in and create a new project, then create a new app inside that project (or use an existing one). Give your app a name that reflects what you're building. | ||
|
|
||
|  | ||
|
|
||
| Once the app is created, open the app's **Settings** and scroll down to **User authentication settings**. Click **Set up** and configure the following: | ||
|
|
||
| - **App permissions**: Select **Read** at a minimum. If your app needs to post or access direct messages, select the appropriate permissions. | ||
| - **Type of App**: Select **Web App, Automated App or Bot**. | ||
| - **Callback URI / Redirect URL**: Temporarily add `https://temporary-endpoint.com/`. You'll replace this with the real URI from Appwrite in the next step. | ||
|
|
||
|  | ||
|
|
||
| After saving, X will display a **Client ID** and **Client Secret**. Save both. The Client Secret is only shown once, so copy it somewhere safe before closing the page. | ||
|
|
||
| # Enabling X as a provider in Appwrite | ||
|
|
||
| Head to your [Appwrite Console](https://cloud.appwrite.io/) and open your project. Navigate to **Auth** > **Settings**, scroll to **OAuth2 Providers**, and click on **X**. | ||
|
|
||
|  | ||
|
|
||
| Enable the provider and paste in your **Client ID** and **Client Secret**. Appwrite will display a **Redirect URI**. Copy it and go back to your X app's **User authentication settings** to replace the temporary callback URL with this value. | ||
|
|
||
| Save the changes in both the X Developer Console and Appwrite. | ||
|
|
||
| # Logging in from your frontend | ||
|
|
||
| With the provider configured, you can trigger X login using the Appwrite SDK. Here's an example using the JavaScript SDK: | ||
|
|
||
| ```js | ||
| import { Client, Account, OAuthProvider } from 'appwrite'; | ||
|
|
||
| const client = new Client() | ||
| .setEndpoint('https://<REGION>.cloud.appwrite.io/v1') | ||
| .setProject('<PROJECT_ID>'); | ||
|
|
||
| const account = new Account(client); | ||
|
|
||
| const authUrl = await account.createOAuth2Token({ | ||
| provider: OAuthProvider.X, | ||
| success: 'https://your-app.com/auth/callback', | ||
| failure: 'https://your-app.com/auth/login?error=oauth' | ||
| }); | ||
|
|
||
| window.location.href = authUrl; | ||
| ``` | ||
|
|
||
| Then on your callback page, read the `userId` and `secret` from the query string and create the session manually: | ||
|
|
||
| ```js | ||
| const params = new URLSearchParams(window.location.search); | ||
| const userId = params.get('userId'); | ||
| const secret = params.get('secret'); | ||
|
|
||
| if (userId && secret) { | ||
| await account.createSession({ userId, secret }); | ||
| window.location.href = '/dashboard'; | ||
| } | ||
| ``` | ||
|
|
||
| # Accessing user data | ||
|
|
||
| After login, you can fetch the authenticated user's profile from Appwrite: | ||
|
|
||
| ```js | ||
| const user = await account.get(); | ||
|
|
||
| console.log(user.name); // display name from X | ||
| console.log(user.email); // email from X (if granted) | ||
| ``` | ||
|
|
||
| If you need the X access token to call the X API directly, retrieve it from the user's identities: | ||
|
|
||
| ```js | ||
| const { identities } = await account.listIdentities(); | ||
| const xIdentity = identities.find(i => i.provider === 'x'); | ||
|
|
||
| console.log(xIdentity.providerAccessToken); // X OAuth2 access token | ||
| ``` | ||
|
|
||
| You can use this access token to make requests to the [X API v2](https://docs.x.com) on behalf of the user. | ||
|
|
||
| # Refreshing the access token | ||
|
|
||
| X access tokens expire. When you need a fresh token, call `updateSession` to silently renew it using the stored refresh token: | ||
|
|
||
| ```js | ||
| await account.updateSession({ sessionId: 'current' }); | ||
|
|
||
| const { identities } = await account.listIdentities(); | ||
| const xIdentity = identities.find(i => i.provider === 'x'); | ||
|
|
||
| console.log(xIdentity.providerAccessToken); // fresh token | ||
| ``` | ||
|
|
||
| This renews the X access token without interrupting the user's Appwrite session. | ||
|
|
||
| # Final thoughts | ||
|
|
||
| Adding X login to your app with Appwrite comes down to three things: registering an app on the X Developer Console, configuring the provider in the Appwrite Console, and calling one SDK method. Appwrite handles the PKCE flow, token exchange, and session management for you. | ||
|
|
||
| If you have questions or run into issues, the [Appwrite Discord server](https://appwrite.io/discord) is the best place to get help. | ||
|
|
||
| # Further reading | ||
|
|
||
| - [X OAuth integration guide](/integrations/oauth-x) | ||
| - [Appwrite Auth OAuth2 docs](/docs/products/auth/oauth2) | ||
| - [X Developer Console](https://console.x.com) | ||
| - [X API OAuth2 documentation](https://docs.x.com/fundamentals/authentication/oauth-2-0/overview) | ||
| - [Understanding OAuth and OpenID Connect](/blog/post/oauth-openid) | ||
| - [Appwrite Auth API reference](/docs/references/cloud/client-web/account) | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -389,13 +389,6 @@ | |
| {/if} | ||
| {/each} | ||
| </ul> | ||
| </div> | ||
| </section> | ||
| {/if} | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| --- | ||
| layout: integration | ||
| title: OAuth with X | ||
| description: Authenticate users with an existing X account | ||
| date: 2026-04-09 | ||
| featured: true | ||
| isPartner: true | ||
| isNew: true | ||
| cover: /images/integrations/oauth-x/cover.png | ||
| category: auth | ||
| product: | ||
| avatar: '/images/integrations/avatars/x.png' | ||
| vendor: X | ||
| description: 'X is a social media platform where users can post short messages, follow others, and engage in real-time conversations on topics ranging from news and politics to entertainment and technology.' | ||
| platform: | ||
| - 'Cloud' | ||
| images: | ||
| - /images/integrations/oauth-x/cover.png | ||
| - /images/integrations/oauth-x/new-app.png | ||
| - /images/integrations/oauth-x/oauth2.png | ||
| - /images/integrations/oauth-x/provider.png | ||
| --- | ||
|
|
||
| X, formerly known as Twitter, is a social media platform where users can post short messages, follow others, and engage in real-time conversations on topics ranging from news and politics to entertainment and technology. With hundreds of millions of active users worldwide, X is one of the most widely used social platforms and provides OAuth 2.0 support, allowing developers to authenticate users through their existing X accounts. | ||
|
|
||
| # How does the integration work? | ||
|
|
||
| You can use the X OAuth adapter in Appwrite Auth for user authentication and management. This can be convenient for users because they can start using your app without creating a new account. It can also be more secure, because the user has one less password that could become vulnerable. | ||
|
|
||
| # How to implement | ||
|
|
||
| To implement the X OAuth adapter in Appwrite Auth, there are several steps you must complete: | ||
|
|
||
| ## Step 1: Create an X Developer app | ||
|
|
||
| First, head to the [X Developer Console](https://console.x.com/) and create a new project. In the **Apps** section, create a new app inside the project (or use an existing one). Give your app a name that reflects what you're building. | ||
|
|
||
| In your app's settings, scroll down to **User authentication settings** and click **Set up**. Configure the following: | ||
|
|
||
| - **App permissions**: Select **Read** at minimum. | ||
| - **Type of App**: Select **Web App, Automated App or Bot**. | ||
| - **Callback URI / Redirect URL**: Temporarily add `https://temporary-endpoint.com/`. This will be replaced with the actual URI once the OAuth2 adapter is configured on Appwrite. | ||
|
|
||
|  | ||
|
|
||
| After saving, X will display a **Client ID** and **Client Secret**. Save both values for later use. | ||
|
|
||
| ## Step 2: Add X OAuth adapter to your Appwrite project | ||
|
|
||
| For this step, you must [create an account on Appwrite Cloud](https://cloud.appwrite.io/register) if you haven't already. In your Appwrite project, head over to the **Auth** page, open the **Settings** tab, and click on **X** under the **OAuth2 Providers** section. | ||
|
|
||
|  | ||
|
|
||
| Add the **Client ID** and **Client Secret** you saved from your X app and copy the URI to replace the temporary URL in the **Callback URI / Redirect URL** field in your X app's user authentication settings. | ||
|
|
||
| ## Step 3: Test the provider | ||
|
|
||
| Follow the [OAuth 2 login](/docs/products/auth/oauth2#init) flow to test your provider. | ||
|
|
||
| # Read more about X and Appwrite Auth | ||
|
|
||
| If you would like to learn more about X and Appwrite Auth, we have some resources that you should visit: | ||
|
|
||
| - [X Developer Console](https://console.x.com) | ||
| - [Implement OAuth login in your apps using Appwrite Auth](/docs/products/auth/oauth2) | ||
| - [Understanding OAuth and OpenID Connect](/blog/post/oauth-openid) | ||
| - [Appwrite Auth API reference](/docs/references/cloud/client-web/account) |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about
Announcing X OAuth 2.0 support in Appwrite Auth? 🤔