Configure your App Service app to use Twitter login
This article shows how to configure Azure App Service to use Twitter as an authentication provider.
To complete the procedure in this article, you need a Twitter account that has a verified email address and phone number. To create a new Twitter account, go to twitter.com.
Sign in to the Azure portal and go to your application. Copy your URL. You'll use it to configure your Twitter app.
Go to the Twitter Developers website, sign in with your Twitter account credentials, and select Create New App.
Enter a Name and a Description for your new app. Paste your application's URL into the Website field. In the Callback URL field, enter the URL of your App Service app and append the path
/.auth/login/aad/callback. For example,
https://contoso.azurewebsites.net/.auth/login/twitter/callback. Make sure to use the HTTPS scheme.
At the bottom of the page, read and accept the terms. Select Create your Twitter application. The application details are displayed.
Select the Settings tab, check Allow this application to be used to sign in with Twitter, and then select Update Settings.
Select the Keys and Access Tokens tab.
Make a note of these values:
- Consumer key (API key)
- Consumer secret (API secret)
The consumer secret is an important security credential. Do not share this secret with anyone or distribute it with your app.
Go to your application in the Azure portal.
Select Settings > Authentication / Authorization, and make sure that App Service Authentication is On.
Paste in the
API Secretvalues that you obtained previously.
By default, App Service provides authentication but doesn't restrict authorized access to your site content and APIs. You must authorize users in your app code.
(Optional) To restrict access to your site to only users authenticated by Twitter, set Action to take when request is not authenticated to Twitter. When you set this functionality, your app requires all requests to be authenticated. It also redirects all unauthenticated requests to Twitter for authentication.
Restricting access in this way applies to all calls to your app, which might not be desirable for apps that have a publicly available home page, as in many single-page applications. For such applications, Allow anonymous requests (no action) might be preferred so that the app manually starts authentication itself. For more information, see Authentication flow.
You are now ready to use Twitter for authentication in your app.
- App Service Authentication / Authorization overview.
- Advanced usage of authentication and authorization in Azure App Service
- Add authentication to your Mobile App: iOS, Android, Windows Universal, Xamarin.Android, Xamarin.iOS, Xamarin.Forms, Cordova.