choraria

Makes use of Twitter API v2 along with OAuth 2.0 for Making requests on behalf of users — https://developer.twitter.com/en/docs/authentication/oauth-2-0/user-access-token

function getService() {
return OAuth2.createService('Twitter')
// Set the endpoint URLs.
.setAuthorizationBaseUrl(

Member

If supplying PKCE parameters, would be better to show how to do it properly.

  • the code_challenge_method should be S256. Plaintext is much weaker.
  • the code_challenge value should be the base64 encoded sha256 hash of a randomly generated value
  • The raw challenge value needs to be durable so it can be provided in the auth callback

Granted, PKCE is meant more for public clients that can't keep secrets, so less of an issue for Apps Script. Also we may want to see if we can just build PKCE support into the library itself since it's standardized.

Author

@sqrrrl — was able to accommodate the following changes:

  • changed code_challenge_method from plain to S256
  • the code_challenge value is now a base64 encoded sha256 hash of a randomly generated value

var sha256Hash = Utilities.computeDigest(Utilities.DigestAlgorithm.SHA_256, verifier)

var challenge = Utilities.base64Encode(sha256Hash)

Member

Author

@sqrrrl — tried Utilities.base64EncodeWebSafe but it still ended up creating an = at the end 😕

Figured it might be best to adapt the snippet from the official docs

You can try meddling with just the PKCE parts using this script — I wrote a small post about it too 😅

Member

Padding is allowed in websafe base64, but looks like Twitter is particularly sensitive to it :(

@sqrrrl sqrrrl merged commit 3adda8a into googleworkspace:master Jan 24, 2022
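
Added example, not part of the PR or the library: the S256 derivation the thread converges on, written for Node.js with its built-in crypto module instead of Apps Script's Utilities (all function names here are hypothetical). It runs the RFC 7636 Appendix B test vector through the three encodings discussed above and shows that the padded web-safe string is not the value a server compares against.

```javascript
// Added example (Node.js, not Apps Script): PKCE S256 per RFC 7636.
const nodeCrypto = require('crypto');

// base64url WITHOUT padding: the encoding RFC 7636 specifies for code_challenge.
function base64UrlNoPad(buf) {
  return buf.toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// 32 random bytes give a 43-character verifier (RFC 7636 allows 43..128).
// The client must keep this value until the callback / token exchange.
function generateVerifier() {
  return base64UrlNoPad(nodeCrypto.randomBytes(32));
}

// The three encodings of SHA-256(verifier) that came up in the thread.
function challengeEncodings(verifier) {
  const digest = nodeCrypto.createHash('sha256').update(verifier, 'ascii').digest();
  const standard = digest.toString('base64');            // may contain + / and ends in =
  const webSafePadded = standard.replace(/\+/g, '-').replace(/\//g, '_'); // still ends in =
  return { standard, webSafePadded, s256: base64UrlNoPad(digest) };
}

// Server-side check at token exchange: recompute the challenge from the
// presented verifier and compare it with the one stored at authorization time.
function verifyS256(verifier, storedChallenge) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) return false;
  const expected = Buffer.from(challengeEncodings(verifier).s256);
  const actual = Buffer.from(String(storedChallenge));
  return expected.length === actual.length &&
    nodeCrypto.timingSafeEqual(expected, actual);
}

// Test vector from RFC 7636, Appendix B.
const RFC_VERIFIER = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
const enc = challengeEncodings(RFC_VERIFIER);
console.log(enc);
console.log('unpadded challenge accepted:', verifyS256(RFC_VERIFIER, enc.s256));
console.log('padded challenge accepted:  ', verifyS256(RFC_VERIFIER, enc.webSafePadded));
```

A SHA-256 digest is 32 bytes, so any padded base64 form of it always ends in a single `=`; stripping it is required for every challenge, not only some.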