You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: clarify CLIENT_ID/CLIENT_SECRET requirement for xurl oauth2 login
- xurl page: full setup flow (create app, register redirect URI, export
credentials) plus a warning for the 'Something went wrong' browser error
- MCP page: note that client-config env blocks don't apply to manual xurl
runs, add exports to the headless snippet, new troubleshooting row for
the missing-credentials browser error, and a note on which account the
OAuth login authorizes
Based on developer feedback (App ID 33144763).
Copy file name to clipboardExpand all lines: tools/mcp.mdx
+11-1Lines changed: 11 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,7 +63,7 @@ Pick one of two routes:
63
63
64
64
1.**Create an X app** with **OAuth 2.0** enabled.
65
65
2.**Register the redirect URI**`http://localhost:8080/callback` on the app (required for the first-run browser login). To use a different one, set `REDIRECT_URI` and register that instead.
66
-
3.**Copy your `CLIENT_ID` and `CLIENT_SECRET`** — you'll put them in the client config.
66
+
3.**Copy your `CLIENT_ID` and `CLIENT_SECRET`** — you'll put them in the client config. If you ever run `xurl auth oauth2` manually (e.g., the headless flow below), export them as environment variables in that shell first — the login fails in the browser without them.
67
67
4.**Have Node.js installed** (for `npx`).
68
68
5. We recommend you **install [xurl](https://github.com/xdevplatform/xurl)**:
69
69
@@ -270,6 +270,11 @@ The MCP handshake is held until you finish — that's why clients need a generou
270
270
No reachable browser? Authenticate once out-of-band, then start the client:
271
271
272
272
```bash
273
+
# Required: the env block in your client config only applies to the bridge,
274
+
# not to manual xurl runs — export the credentials in this shell first.
275
+
export CLIENT_ID="YOUR_X_APP_CLIENT_ID"
276
+
export CLIENT_SECRET="YOUR_X_APP_CLIENT_SECRET"
277
+
273
278
xurl auth oauth2 --headless # prints an auth URL; you paste back the redirect URL/code
274
279
xurl auth oauth2 --app my-app --headless # for a specific app
275
280
```
@@ -292,6 +297,10 @@ Trade-off: no auto-refresh and no user context (no actions as you). The bridge i
292
297
293
298
#### Multiple apps & accounts
294
299
300
+
<Note>
301
+
The OAuth login authorizes **whichever X account is logged in when the browser opens** — not necessarily the account that owns the app. If you're posting on behalf of a secondary/bot account, switch to that account in your browser before completing the login (or use `-u` to pick a previously authorized user).
302
+
</Note>
303
+
295
304
```bash
296
305
xurl --app my-app mcp # bridge using a specific registered app
297
306
xurl mcp -u alice https://api.x.com/mcp # act as a specific OAuth2 user
| Browser shows "Something went wrong — You weren't able to give access to the App" |`CLIENT_ID`/`CLIENT_SECRET` not set where `xurl` runs → put them in the client's `env` block, or `export` them in your shell before running `xurl auth oauth2` manually |
328
338
| Redirect/callback error in browser |`http://localhost:8080/callback` not registered on the app (or `REDIRECT_URI` mismatch) |
329
339
|`client-not-enrolled` after login | App isn't in the right X package/environment → in the portal move it to **Pay-per-use** + **Production**|
330
340
|`npx` pulls a stale version | A private registry mirror is default → pin `--registry=https://registry.npmjs.org/` in `args`|
Copy file name to clipboardExpand all lines: tools/xurl.mdx
+24-3Lines changed: 24 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,13 +25,34 @@ go install github.com/xdevplatform/xurl@latest
25
25
26
26
## Setup
27
27
28
-
Authorize xurl with your X API credentials on first use:
28
+
### 1. Create an X app
29
+
30
+
xurl authenticates using your own developer app. In the [X Developer Portal](https://developer.x.com):
31
+
32
+
1. Create (or open) an app with **OAuth 2.0** enabled.
33
+
2. Register the redirect URI `http://localhost:8080/callback` on the app.
34
+
3. Copy the app's **Client ID** and **Client Secret** from the "Keys and tokens" page.
35
+
36
+
### 2. Set your credentials
37
+
38
+
Exportthecredentialsinthesameshellyou'll run xurl from:
29
39
30
40
```bash
31
-
xurl auth
41
+
export CLIENT_ID="your-x-app-client-id"
42
+
export CLIENT_SECRET="your-x-app-client-secret"
32
43
```
33
44
34
-
This opens a browser-based OAuth flow. Once authorized, xurl stores your tokens locally so you don't need to authenticate again.
45
+
### 3. Authorize
46
+
47
+
```bash
48
+
xurl auth oauth2
49
+
```
50
+
51
+
This opens a browser-based OAuth flow. Once authorized, xurl stores your tokens locally in `~/.xurl` so you don't need to authenticate again.
52
+
53
+
<Warning>
54
+
If the browser shows **"Something went wrong — You weren't able to give access to the App"**, xurl started the login without valid credentials. Make sure `CLIENT_ID` and `CLIENT_SECRET` are exported in the shell where you ran `xurl auth oauth2`, and that `http://localhost:8080/callback` is registered as a redirect URI on your app.
0 commit comments