Skip to main content

Twitter/X Social Login

Allow WiFi guests to authenticate on your captive portal using their Twitter/X accounts with OAuth 2.0, enabling quick access and profile data collection.

Overview

Twitter/X social login provides:

  • Quick authentication via Twitter/X accounts
  • Profile data collection (username, name)
  • Social engagement potential
  • Broad user base access

Prerequisites

  • IronWifi account with captive portal
  • Twitter/X Developer account
  • Twitter API v2 access (Elevated or higher)

Important Note on API Access

Twitter/X has changed its API access tiers:

  • Free tier: Very limited (may not support OAuth)
  • Basic tier: ($100/month) OAuth support
  • Pro tier: ($5000/month) Full features

Verify your access level supports OAuth 2.0 User Authentication.

Twitter Developer Setup

Create Developer Account

  1. Go to developer.twitter.com
  2. Apply for developer access
  3. Complete application process
  4. Wait for approval

Create Project and App

  1. In Developer Portal, click Projects & Apps
  2. Create a new Project
  3. Create an App within the project
  4. Note your:
    • Client ID
    • Client Secret

Configure OAuth 2.0

  1. In app settings, go to User authentication settings
  2. Click Set up
  3. Configure:
    • App permissions: Read (minimum)
    • Type of App: Web App
    • Callback URI: https://auth.ironwifi.com/callback/twitter
    • Website URL: Your company website

IronWifi Configuration

Step 1: Add Twitter Provider

  1. Log in to IronWifi Console
  2. Navigate to Networks > Captive Portals
  3. Select your captive portal
  4. Go to Authentication Providers
  5. Click Add Provider > Twitter/X

Step 2: Configure OAuth

Enter credentials:

  • Client ID: Your Twitter OAuth 2.0 Client ID
  • Client Secret: Your Twitter Client Secret
  • Redirect URI: Confirm matches Twitter app config

Step 3: Configure Scopes

Select requested permissions:

  • tweet.read - Read tweets
  • users.read - Read user profile
  • offline.access - Refresh tokens (optional)

Data Collection

Available Data

Twitter API provides:

FieldDescription
idTwitter user ID
nameDisplay name
usernameTwitter handle (@username)
profile_image_urlProfile picture URL
verifiedVerification status
descriptionBio (if permissions allow)

Data Limitations

Note these limitations:

  • Email requires special approval from Twitter
  • Some fields require elevated access
  • Rate limits apply

Authentication Flow

User Experience

  1. Guest connects to WiFi
  2. Captive portal shows "Continue with X" button
  3. Guest clicks and redirects to Twitter/X
  4. Logs in and authorizes app
  5. Redirected back, WiFi access granted

OAuth 2.0 with PKCE

Twitter uses OAuth 2.0 with PKCE:

1. Generate code_verifier and code_challenge
2. Redirect to Twitter authorize endpoint
3. Receive authorization code
4. Exchange code for access token
5. Fetch user profile
6. Grant WiFi access

Splash Page Integration

Add Twitter Button

<div class="social-login">
  <a href="{{twitter_auth_url}}" class="btn-twitter">
    <svg class="x-logo" viewBox="0 0 24 24">
      <!-- X logo SVG -->
    </svg>
    Continue with X
  </a>
</div>

<style>
.btn-twitter {
  background: #000000;
  color: white;
  padding: 12px 24px;
  border-radius: 4px;
  display: flex;
  align-items: center;
  gap: 8px;
}
</style>

API Rate Limits

Twitter API Limits

Be aware of rate limits:

EndpointLimit
OAuth300/15 min per user
User lookup300/15 min per app

Handling Limits

  1. Cache user data where possible
  2. Monitor rate limit headers
  3. Implement backoff strategy
  4. Show friendly error messages

Troubleshooting

OAuth Errors

Invalid Client:

  • Verify Client ID and Secret
  • Check app is approved
  • Confirm OAuth 2.0 is enabled

Callback Mismatch:

  • URL must match exactly
  • Check for trailing slashes
  • Verify HTTPS

Access Denied:

  • User declined permissions
  • App suspended
  • API tier doesn't support OAuth

User Not Found

  1. Check API response
  2. Verify scopes requested
  3. Review access token validity
  4. Check rate limits

Security

Best Practices

  1. Use OAuth 2.0 - Not OAuth 1.0a
  2. Implement PKCE - Prevents code interception
  3. Secure storage - Protect client secret
  4. Token handling - Don't expose tokens
  5. HTTPS only - All callbacks over HTTPS

Token Management

  • Access tokens are short-lived
  • Use refresh tokens if available
  • Don't store tokens longer than needed

Compliance

Twitter Developer Agreement

Comply with:

  • Twitter Developer Agreement
  • Twitter Developer Policy
  • Display requirements

Display Requirements

When showing Twitter data:

  • Follow Twitter brand guidelines
  • Use correct logos
  • Attribute data source

Limitations

API Access Tiers

Free tier limitations:

  • May not support OAuth
  • Very limited rate limits
  • Consider paid tier for production

Data Access

  • Email not available without special permission
  • Some fields require elevated access
  • Verification status may require approval

Best Practices

  1. Consider costs - API access isn't free
  2. Cache wisely - Respect rate limits
  3. Clear UI - Tell users what's requested
  4. Handle errors - Graceful degradation
  5. Offer alternatives - Other login options