Skip to content

Commit e5603aa

Browse files
committed
docs: clarify CLIENT_ID/CLIENT_SECRET requirement for xurl oauth2 login
- xurl page: full setup flow (create app, register redirect URI, export credentials) plus a warning for the 'Something went wrong' browser error - MCP page: note that client-config env blocks don't apply to manual xurl runs, add exports to the headless snippet, new troubleshooting row for the missing-credentials browser error, and a note on which account the OAuth login authorizes Based on developer feedback (App ID 33144763).
1 parent 03c6262 commit e5603aa

2 files changed

Lines changed: 35 additions & 4 deletions

File tree

tools/mcp.mdx

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ Pick one of two routes:
6363

6464
1. **Create an X app** with **OAuth 2.0** enabled.
6565
2. **Register the redirect URI** `http://localhost:8080/callback` on the app (required for the first-run browser login). To use a different one, set `REDIRECT_URI` and register that instead.
66-
3. **Copy your `CLIENT_ID` and `CLIENT_SECRET`** — you'll put them in the client config.
66+
3. **Copy your `CLIENT_ID` and `CLIENT_SECRET`** — you'll put them in the client config. If you ever run `xurl auth oauth2` manually (e.g., the headless flow below), export them as environment variables in that shell first — the login fails in the browser without them.
6767
4. **Have Node.js installed** (for `npx`).
6868
5. We recommend you **install [xurl](https://github.com/xdevplatform/xurl)**:
6969

@@ -270,6 +270,11 @@ The MCP handshake is held until you finish — that's why clients need a generou
270270
No reachable browser? Authenticate once out-of-band, then start the client:
271271

272272
```bash
273+
# Required: the env block in your client config only applies to the bridge,
274+
# not to manual xurl runs — export the credentials in this shell first.
275+
export CLIENT_ID="YOUR_X_APP_CLIENT_ID"
276+
export CLIENT_SECRET="YOUR_X_APP_CLIENT_SECRET"
277+
273278
xurl auth oauth2 --headless # prints an auth URL; you paste back the redirect URL/code
274279
xurl auth oauth2 --app my-app --headless # for a specific app
275280
```
@@ -292,6 +297,10 @@ Trade-off: no auto-refresh and no user context (no actions as you). The bridge i
292297

293298
#### Multiple apps & accounts
294299

300+
<Note>
301+
The OAuth login authorizes **whichever X account is logged in when the browser opens** — not necessarily the account that owns the app. If you're posting on behalf of a secondary/bot account, switch to that account in your browser before completing the login (or use `-u` to pick a previously authorized user).
302+
</Note>
303+
295304
```bash
296305
xurl --app my-app mcp # bridge using a specific registered app
297306
xurl mcp -u alice https://api.x.com/mcp # act as a specific OAuth2 user
@@ -325,6 +334,7 @@ npx -y @xdevplatform/xurl mcp https://api.x.com/mcp
325334
| Client times out on startup | Raise `startup_timeout_sec` to 300+; the bridge is waiting on your browser login |
326335
| Browser never opens | No display (headless) → run `xurl auth oauth2 --headless` first; ensure `npx` resolves |
327336
| `401` / `token refresh failed` | App credentials wrong, or refresh token revoked → re-run the login (`xurl auth oauth2 [--app NAME]`) |
337+
| Browser shows "Something went wrong — You weren't able to give access to the App" | `CLIENT_ID`/`CLIENT_SECRET` not set where `xurl` runs → put them in the client's `env` block, or `export` them in your shell before running `xurl auth oauth2` manually |
328338
| Redirect/callback error in browser | `http://localhost:8080/callback` not registered on the app (or `REDIRECT_URI` mismatch) |
329339
| `client-not-enrolled` after login | App isn't in the right X package/environment → in the portal move it to **Pay-per-use** + **Production** |
330340
| `npx` pulls a stale version | A private registry mirror is default → pin `--registry=https://registry.npmjs.org/` in `args` |

tools/xurl.mdx

Lines changed: 24 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,13 +25,34 @@ go install github.com/xdevplatform/xurl@latest
2525

2626
## Setup
2727

28-
Authorize xurl with your X API credentials on first use:
28+
### 1. Create an X app
29+
30+
xurl authenticates using your own developer app. In the [X Developer Portal](https://developer.x.com):
31+
32+
1. Create (or open) an app with **OAuth 2.0** enabled.
33+
2. Register the redirect URI `http://localhost:8080/callback` on the app.
34+
3. Copy the app's **Client ID** and **Client Secret** from the "Keys and tokens" page.
35+
36+
### 2. Set your credentials
37+
38+
Export the credentials in the same shell you'll run xurl from:
2939

3040
```bash
31-
xurl auth
41+
export CLIENT_ID="your-x-app-client-id"
42+
export CLIENT_SECRET="your-x-app-client-secret"
3243
```
3344

34-
This opens a browser-based OAuth flow. Once authorized, xurl stores your tokens locally so you don't need to authenticate again.
45+
### 3. Authorize
46+
47+
```bash
48+
xurl auth oauth2
49+
```
50+
51+
This opens a browser-based OAuth flow. Once authorized, xurl stores your tokens locally in `~/.xurl` so you don't need to authenticate again.
52+
53+
<Warning>
54+
If the browser shows **"Something went wrong — You weren't able to give access to the App"**, xurl started the login without valid credentials. Make sure `CLIENT_ID` and `CLIENT_SECRET` are exported in the shell where you ran `xurl auth oauth2`, and that `http://localhost:8080/callback` is registered as a redirect URI on your app.
55+
</Warning>
3556

3657
---
3758

0 commit comments

Comments
 (0)