Add Your Client ID to Sequence Builder
First, you need to create an application in the X Developer Portal to get a Client ID and Client Secret. After creating your application, you must add the Client ID to your project’s configuration in Sequence Builder.
- Go to your project in the Sequence Builder.
- Navigate to the Embedded Wallet settings.
- Under the authentication providers, find X (Twitter) and paste your Client ID into the corresponding field.
Authenticating with the SDK
Once you have an access token from X, you can pass it to the Sequence WaaS SDK to sign in the user. This is different from other OIDC providers like Google or Epic Games, where you would pass an idToken. For X, you will use the xAccessToken parameter.
Obtaining an Access Token from X
To get an access token, you need to implement the OAuth 2.0 PKCE flow. Due to issues with X’s OAuth 2.0 implementation, Sequence hosts a custom proxy service to ensure a smooth and reliable authentication flow.
Using the Sequence X Auth Proxy
Instead of sending requests directly to api.x.com, you will use the Sequence proxy URL that facilitates the OAuth 2.0 flow.
When performing the token exchange in your OAuth 2.0 PKCE flow, you should target the following URL:
Example Implementation
Here is a minimal example of how to implement the X authentication flow using the Sequence proxy.
For production applications, you should use the S256 code_challenge_method for PKCE, which is more secure. This requires generating a random code_verifier string, hashing it with SHA-256, and sending the Base64-URL-encoded hash as the code_challenge. The original code_verifier is then sent in the token request.
Required Scopes
When you configure your X application and request authorization from users, you must include the following scopes at a minimum:
- users.read
- email.read
- tweet.read
tweet.read: due to a peculiarity in the X API, if this scope is not requested, the other scopes may not take effect. Sequence does not read any user tweets; this permission is requested only to ensure the authentication process works correctly.
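The S256 steps described under Example Implementation, worked through for Node.js as an added example (not Sequence's or X's code). All function names are assumptions, the token request fields are the standard OAuth 2.0 PKCE names, and the proxy token URL is left to the caller because it is not given here.

```javascript
// Added example, not Sequence's code: PKCE S256 helpers (RFC 7636) for Node.js.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

// RFC 7636 section 4.1: 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// 32 random bytes encode to 43 base64url characters (no padding).
function generateCodeVerifier() {
  return randomBytes(32).toString('base64url');
}

// code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
function codeChallengeS256(verifier) {
  if (!VERIFIER_RE.test(verifier)) {
    throw new Error('code_verifier must be 43-128 unreserved characters');
  }
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Sent with the authorization request: the challenge, never the verifier.
function authorizationPkceParams(verifier) {
  return { code_challenge: codeChallengeS256(verifier), code_challenge_method: 'S256' };
}

// Form body for the token exchange: this is where the original verifier goes.
// clientId, code and redirectUri are supplied by the caller (hypothetical names).
function tokenRequestBody({ clientId, code, redirectUri, verifier }) {
  return new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: clientId,
    code,
    redirect_uri: redirectUri,
    code_verifier: verifier,
  }).toString();
}

// The check an authorization server performs: re-derive the challenge from the
// presented verifier and compare it with the one stored at authorization time.
function serverAcceptsVerifier(verifier, storedChallenge) {
  const derived = Buffer.from(codeChallengeS256(verifier));
  const stored = Buffer.from(storedChallenge);
  return derived.length === stored.length && timingSafeEqual(derived, stored);
}
```

Keep the code_verifier only in the session that started the flow (for example, sessionStorage in a browser) and discard it after the token exchange.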