Configure your App Service app to use Twitter login

This article shows how to configure Azure App Service to use Twitter as an authentication provider.

To complete the procedure in this article, you need a Twitter account that has a verified email address and phone number. To create a new Twitter account, go to twitter.com.

Register your application with Twitter

  1. Sign in to the Azure portal and go to your application. Copy your URL. You'll use it to configure your Twitter app.

  2. Go to the Twitter Developers website, sign in with your Twitter account credentials, and select Create New App.

  3. Enter a Name and a Description for your new app. Paste your application's URL into the Website field. In the Callback URL field, enter the URL of your App Service app and append the path /.auth/login/aad/callback. For example, https://contoso.azurewebsites.net/.auth/login/twitter/callback. Make sure to use the HTTPS scheme.

  4. At the bottom of the page, read and accept the terms. Select Create your Twitter application. The application details are displayed.

  5. Select the Settings tab, check Allow this application to be used to sign in with Twitter, and then select Update Settings.

  6. Select the Keys and Access Tokens tab.

    Make a note of these values:

    • Consumer key (API key)
    • Consumer secret (API secret)

    Note

    The consumer secret is an important security credential. Do not share this secret with anyone or distribute it with your app.

Add Twitter information to your application

  1. Go to your application in the Azure portal.

  2. Select Settings > Authentication / Authorization, and make sure that App Service Authentication is On.

  3. Select Twitter.

  4. Paste in the API Key and API Secret values that you obtained previously.

  5. Select OK.

    Screenshot of Mobile App Twitter settings

    By default, App Service provides authentication but doesn't restrict authorized access to your site content and APIs. You must authorize users in your app code.

  6. (Optional) To restrict access to your site to only users authenticated by Twitter, set Action to take when request is not authenticated to Twitter. When you set this functionality, your app requires all requests to be authenticated. It also redirects all unauthenticated requests to Twitter for authentication.

    Caution

    Restricting access in this way applies to all calls to your app, which might not be desirable for apps that have a publicly available home page, as in many single-page applications. For such applications, Allow anonymous requests (no action) might be preferred so that the app manually starts authentication itself. For more information, see Authentication flow.

  7. Select Save.

You are now ready to use Twitter for authentication in your app.

Next steps