How to configure your App Service application to use Twitter login
This topic shows you how to configure Azure App Service to use Twitter as an authentication provider.
To complete the procedure in this topic, you must have a Twitter account that has a verified email address and phone number. To create a new Twitter account, go to twitter.com.
Log on to the Azure portal, and navigate to your application. Copy your URL. You will use this to configure your Twitter app.
Navigate to the Twitter Developers website, sign in with your Twitter account credentials, and click Create New App.
Type in the Name and a Description for your new app. Paste in your application's URL for the Website value. Then, for the Callback URL, paste the Callback URL you copied earlier. This is your Mobile App gateway appended with the path, /.auth/login/twitter/callback. For example,
https://contoso.azurewebsites.net/.auth/login/twitter/callback. Make sure that you are using the HTTPS scheme.
At the bottom the page, read and accept the terms. Then click Create your Twitter application. This registers the app displays the application details.
Click the Settings tab, check Allow this application to be used to sign in with Twitter, then click Update Settings.
Select the Keys and Access Tokens tab. Make a note of the values of Consumer Key (API Key) and Consumer secret (API Secret).
The consumer secret is an important security credential. Do not share this secret with anyone or distribute it with your app.
Back in the Azure portal, navigate to your application. Click Settings, and then Authentication / Authorization.
If the Authentication / Authorization feature is not enabled, turn the switch to On.
Click Twitter. Paste in the App ID and App Secret values which you obtained previously. Then click OK.
By default, App Service provides authentication but does not restrict authorized access to your site content and APIs. You must authorize users in your app code.
(Optional) To restrict access to your site to only users authenticated by Twitter, set Action to take when request is not authenticated to Twitter. This requires that all requests be authenticated, and all unauthenticated requests are redirected to Twitter for authentication.
Restricting access in this way applies to all calls to your app, which may not be desirable for apps wanting a publicly available home page, as in many single-page applications. For such applications, Allow anonymous requests (no action) may be preferred, with the app manually starting login itself, as described here.
- Click Save.
You are now ready to use Twitter for authentication in your app.