|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: Announcing X OAuth support in Appwrite Auth |
| 4 | +description: Appwrite now supports X (formerly Twitter) OAuth2 login. Learn how to add it to your app in minutes. |
| 5 | +date: 2026-04-09 |
| 6 | +cover: /images/blog/x-oauth2-appwrite/cover.png |
| 7 | +timeToRead: 5 |
| 8 | +author: aditya-oberai |
| 9 | +category: announcement, tutorial |
| 10 | +featured: false |
| 11 | +--- |
| 12 | + |
| 13 | +We're excited to announce that Appwrite Auth now includes an X OAuth adapter. You can now let users sign in with their X account using Appwrite's built-in OAuth2 support, with no custom backend code required. |
| 14 | + |
| 15 | +X is one of the most widely used social platforms, with hundreds of millions of active users. Adding "Sign in with X" gives your users a fast, familiar way to get started without creating a new account, and gives you a verified identity to work with from day one. |
| 16 | + |
| 17 | +In this guide, we'll walk through what this means for your app, why it matters, and how to set it up. |
| 18 | + |
| 19 | +# Why X OAuth is useful for developers and users |
| 20 | + |
| 21 | +For users, social login removes the friction of registration. There's no new password to create or forget, no verification email to wait for. They click one button, approve access, and they're in. |
| 22 | + |
| 23 | +For developers, social login with Appwrite means you don't have to implement or maintain any OAuth infrastructure yourself. Appwrite handles the redirect, the token exchange, the session creation, and the refresh flow. You call one SDK method. The rest happens server-side. |
| 24 | + |
| 25 | +X in particular is valuable for apps that are social or content-focused. If your users are already on X, letting them authenticate with it creates a natural connection between their X identity and your product. You can also use the access token Appwrite stores to call the X API on their behalf, enabling things like reading their profile, fetching their posts, or building X-connected features. |
| 26 | + |
| 27 | +# How OAuth2 works in Appwrite |
| 28 | + |
| 29 | +When a user signs in with X, Appwrite manages the entire OAuth2 flow on your behalf: |
| 30 | + |
| 31 | +1. Your app calls an Appwrite SDK method, which returns an authorization URL. |
| 32 | +2. The user is redirected to X's consent screen. |
| 33 | +3. After granting access, X redirects back to Appwrite with an authorization code. |
| 34 | +4. Appwrite exchanges the code for an access token and refresh token with X. |
| 35 | +5. Appwrite redirects the user to your success URL with a `userId` and `secret`. |
| 36 | +6. Your app uses these to create an Appwrite session. |
| 37 | + |
| 38 | +Appwrite's X adapter uses **OAuth 2.0 with PKCE** (Proof Key for Code Exchange), which is required by X's API v2 and adds an extra layer of security by preventing authorization code interception attacks. |
| 39 | + |
| 40 | +# Creating an X Developer app |
| 41 | + |
| 42 | +To connect Appwrite to X, you first need to register an app on the [X Developer Console](https://console.x.com). |
| 43 | + |
| 44 | +Log in and create a new project, then create a new app inside that project (or use an existing one). Give your app a name that reflects what you're building. |
| 45 | + |
| 46 | + |
| 47 | + |
| 48 | +Once the app is created, open the app's **Settings** and scroll down to **User authentication settings**. Click **Set up** and configure the following: |
| 49 | + |
| 50 | +- **App permissions**: Select **Read** at a minimum. If your app needs to post or access direct messages, select the appropriate permissions. |
| 51 | +- **Type of App**: Select **Web App, Automated App or Bot**. |
| 52 | +- **Callback URI / Redirect URL**: Temporarily add `https://temporary-endpoint.com/`. You'll replace this with the real URI from Appwrite in the next step. |
| 53 | + |
| 54 | + |
| 55 | + |
| 56 | +After saving, X will display a **Client ID** and **Client Secret**. Save both. The Client Secret is only shown once, so copy it somewhere safe before closing the page. |
| 57 | + |
| 58 | +# Enabling X as a provider in Appwrite |
| 59 | + |
| 60 | +Head to your [Appwrite Console](https://cloud.appwrite.io/) and open your project. Navigate to **Auth** > **Settings**, scroll to **OAuth2 Providers**, and click on **X**. |
| 61 | + |
| 62 | + |
| 63 | + |
| 64 | +Enable the provider and paste in your **Client ID** and **Client Secret**. Appwrite will display a **Redirect URI**. Copy it and go back to your X app's **User authentication settings** to replace the temporary callback URL with this value. |
| 65 | + |
| 66 | +Save the changes in both the X Developer Console and Appwrite. |
| 67 | + |
| 68 | +# Logging in from your frontend |
| 69 | + |
| 70 | +With the provider configured, you can trigger X login using the Appwrite SDK. Here's an example using the JavaScript SDK: |
| 71 | + |
| 72 | +```js |
| 73 | +import { Client, Account, OAuthProvider } from 'appwrite'; |
| 74 | + |
| 75 | +const client = new Client() |
| 76 | + .setEndpoint('https://<REGION>.cloud.appwrite.io/v1') |
| 77 | + .setProject('<PROJECT_ID>'); |
| 78 | + |
| 79 | +const account = new Account(client); |
| 80 | + |
| 81 | +const authUrl = await account.createOAuth2Token({ |
| 82 | + provider: OAuthProvider.X, |
| 83 | + success: 'https://your-app.com/auth/callback', |
| 84 | + failure: 'https://your-app.com/auth/login?error=oauth' |
| 85 | +}); |
| 86 | + |
| 87 | +window.location.href = authUrl; |
| 88 | +``` |
| 89 | + |
| 90 | +Then on your callback page, read the `userId` and `secret` from the query string and create the session manually: |
| 91 | + |
| 92 | +```js |
| 93 | +const params = new URLSearchParams(window.location.search); |
| 94 | +const userId = params.get('userId'); |
| 95 | +const secret = params.get('secret'); |
| 96 | + |
| 97 | +if (userId && secret) { |
| 98 | + await account.createSession({ userId, secret }); |
| 99 | + window.location.href = '/dashboard'; |
| 100 | +} |
| 101 | +``` |
| 102 | + |
| 103 | +# Accessing user data |
| 104 | + |
| 105 | +After login, you can fetch the authenticated user's profile from Appwrite: |
| 106 | + |
| 107 | +```js |
| 108 | +const user = await account.get(); |
| 109 | + |
| 110 | +console.log(user.name); // display name from X |
| 111 | +console.log(user.email); // email from X (if granted) |
| 112 | +``` |
| 113 | + |
| 114 | +If you need the X access token to call the X API directly, retrieve it from the user's identities: |
| 115 | + |
| 116 | +```js |
| 117 | +const { identities } = await account.listIdentities(); |
| 118 | +const xIdentity = identities.find(i => i.provider === 'x'); |
| 119 | + |
| 120 | +console.log(xIdentity.providerAccessToken); // X OAuth2 access token |
| 121 | +``` |
| 122 | + |
| 123 | +You can use this access token to make requests to the [X API v2](https://docs.x.com) on behalf of the user. |
| 124 | + |
| 125 | +# Refreshing the access token |
| 126 | + |
| 127 | +X access tokens expire. When you need a fresh token, call `updateSession` to silently renew it using the stored refresh token: |
| 128 | + |
| 129 | +```js |
| 130 | +await account.updateSession({ sessionId: 'current' }); |
| 131 | + |
| 132 | +const { identities } = await account.listIdentities(); |
| 133 | +const xIdentity = identities.find(i => i.provider === 'x'); |
| 134 | + |
| 135 | +console.log(xIdentity.providerAccessToken); // fresh token |
| 136 | +``` |
| 137 | + |
| 138 | +This renews the X access token without interrupting the user's Appwrite session. |
| 139 | + |
| 140 | +# Final thoughts |
| 141 | + |
| 142 | +Adding X login to your app with Appwrite comes down to three things: registering an app on the X Developer Console, configuring the provider in the Appwrite Console, and calling one SDK method. Appwrite handles the PKCE flow, token exchange, and session management for you. |
| 143 | + |
| 144 | +If you have questions or run into issues, the [Appwrite Discord server](https://appwrite.io/discord) is the best place to get help. |
| 145 | + |
| 146 | +# Further reading |
| 147 | + |
| 148 | +- [X OAuth integration guide](/integrations/oauth-x) |
| 149 | +- [Appwrite Auth OAuth2 docs](/docs/products/auth/oauth2) |
| 150 | +- [X Developer Console](https://console.x.com) |
| 151 | +- [X API OAuth2 documentation](https://docs.x.com/fundamentals/authentication/oauth-2-0/overview) |
| 152 | +- [Understanding OAuth and OpenID Connect](/blog/post/oauth-openid) |
| 153 | +- [Appwrite Auth API reference](/docs/references/cloud/client-web/account) |
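Review bot: the callback snippet (new-file lines 93-100) leaves `userId` and `secret` in the browser history, because `window.location.href = '/dashboard'` adds a history entry instead of replacing the callback URL. Suggest `window.location.replace('/dashboard')`, or clearing the query string before navigating. The same block has no path for missing parameters or a rejected `createSession` call, so the user is left on a blank callback page; add an `else` and a `try`/`catch` that send them to the failure URL. In the two token examples (lines 117-120 and 130-135), `identities.find(i => i.provider === 'x')` returns `undefined` when the account has no X identity, so `xIdentity.providerAccessToken` throws; guard it, and drop the `console.log` of the access token, since readers will copy the sample as-is and the token should not end up in console output. At line 52, the placeholder callback `https://temporary-endpoint.com/` is a registrable domain the reader does not control, and the post asks them to save it as a redirect URL on the X app; a reserved name such as `https://example.com/` is a safer placeholder.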