Configuring Twitter login (and rich embeds) for Discourse

(Jeff Atwood) #1
  1. Go to and sign in with a Twitter account.
    1a. If you have not yet created a Twitter developer account, you will be asked to create one. Click the ‘Apply for a developer account’ button, follow the instructions for creating an account, and then click the link in the verification email you are sent. That brings you to a Welcome page where you can create a new app.

  2. Click the Create New App button.

    2a. Enter a name and description for your forum.

    2b. Enter in the Website field obviously, replacing the domain with your site’s actual domain name and matching the correct protocol, HTTP or HTTPS.

    2c. Enter in the Callback URL field.

    2d. Agree to the legal stuff and click the Create your Twitter application button.

  3. In the Settings tab, enter in the Privacy Policy URL field and in the Terms of Service URL field,
    then check “Allow this application to be used to Sign in with Twitter

  4. Click Update Settings.

  5. In the Permissions tab, choose “Read Only”, and “Request email addresses from users”, then click Update Settings.

  6. Click on the Keys And Access Tokens tab.
    Copy the API key and API secret and paste it in the twitter_consumer_key and twitter_consumer_secret settings in the Login section of your Discourse site (/admin/site_settings/category/login).

  7. Be sure to enable the site setting enable twitter logins

Rich Embeds

The above steps also apply if you want to enable “rich embedding” of tweets with pictures and more. If you want rich embeds but don’t need Twitter login, simply uncheck enable twitter logins and leave the consumer key and secret intact.

Twitter Login Troubleshooting
Hint for registering app with twitter Twitter should list (instead of
Configure oauth callback urls
Ability to embed Tweets in posts
[Paid] Discourse configuration changes
Twitter Login and signup error
(Uwe Keim) #15

If you are getting the following error:

You must confirm your email address prior to creating an application. Please read for more information

(like me), the solution is to change your e-mail address forth and back again (i.e. confirm it twice).

See here for details.

1 Like
(Wesley) #19

Has anyone found a way to add several callback URLs to the same Twitter app? This is possible with Google and Facebook but I can’t find a way to do it with Twitter!

(Brahn) #21

I just noticed that twitter now has “Additional Permissions”:

Is ticking this on going to be enough or does something need to change in Discourse?

(Jeff Atwood) #22

Oh nice, can we look into this next week @eviltrout? Thanks for letting us know @brahn.

(Robin Ward) #25

This works quite nicely now! I’ve added support for emails via Twitter in this commit:

Note that for emails to work the user must also set up a privacy policy and terms of service when setting up their twitter account. Fortunately Discourse provides both so it’s just a matter of filling in those two fields. Once you’re done that, click the email option, and Discourse will happily make use of that email!

(Jeff Atwood) #26

Fantastic, confirmed working 100% here on meta. I’ve also updated the first post to reflect the new setup.

(khalido) #27

I have successfully set up twitter logins and it works, but I don’t see how to associate a twitter login to an existing account.

I’d like a way in the admin panel of an existing user to associate a twitter/fb login.

At the moment it seems that with Discourse 1.6 I can only setup a new user with the twitter login.

(Rafael dos Santos Silva) #28

If emails match the association is automatic.

(khalido) #29

Thanks. I found FB logins match existing user, but twitter wasn’t. Anyways, FB working is enough so thats good.

(Emilio F Castillo) #30

I followed the steps and have double checked myself. When I click on the “test OAuth” button I get a “page does not exist” error message.

I am entering https in the website URLs…should that be http?

The enable call back locking is NOT checked. Should it be?

This is the call back URL I am using:

(Carlo) #31

Hi. Thanks for this tutorial.

Actually it works when you leave permission to “Read and Write” and uncheck required email.
For me step 9 did not work. But it may work for others.

(Jeff Atwood) #32

Write is highly not recommended.

(Carlo) #33


Ok I’ll change that then tks!

(Mark Pors) #34

Great walkthrough! You might want to add that it is required to check the “enable twitter logins” checkbox. I know it is obvious, but when following the steps one tends to overlook that (at least I did).

(Daniela) #35

Guide updated, images added.


(Michael Brown) #36

I’m getting this error trying to login with Twitter on a site we host:

The software powering this discussion forum encountered an unexpected problem. We apologize for the inconvenience.

Detailed information about the error was logged, and an automatic notification generated. We'll take a look at it.

No further action is necessary. However, if the error condition persists, you can provide additional detail, including steps to reproduce the error, by posting a discussion topic in the site's feedback category.

In the /logs it just says:

OAuth::Unauthorized (401 Authorization Required)
/var/www/discourse/vendor/bundle/ruby/2.4.0/gems/oauth-0.5.1/lib/oauth/consumer.rb:217:in `token_request'

I’m not sure what’s wrong with the Twitter app but we could use a better error message than that.

EDIT: the problem was a case mismatch in the site hostname in the Twitter application, but regardless we could give a nicer error.

(Jeff Atwood) #37

That seems like a rare case, and probably mishandled by Twitter as well. I’d apply the rule of three here: we need to see this error happen three times on three different sites before we need to do anything about it, otherwise we’re taking action prematurely & speculatively.

(Neil Lalonde) #42

Note that the “Callback URL” field is now mandatory. If you omitted it in your setup, Twitter login will fail with a 403 unauthorized error.

Also note that if you have any extra spaces at the beginning or end of your callback urls, auth will fail. You can find other discussions about this change on the Twitter Community.

(Charles Walter) #43

Just noticed we were getting the same error on our site with Twitter auth. I noticed Twitter has a new process for authorizing developer apps, so we are going through the approval process. Not sure if it is related, or if this problem has just been in place for a long time now.

1 Like