How to use Twitter as Identity Provider on Access Control Service?


  • Hello,

    OOTB we can define and use LiveID, Google, Yahoo, and Facebook on ACS. If I want to add Twitter to my ACS authentication module, how can I do that?



    Tuesday, August 23, 2011 10:42


All replies

  • Azure ACS supports OAuth WRAP and OAuth 2.0 but unfortunately Twitter supports OAuth 1.0A only. I'm afraid we cannot configure Twitter as an identity provider in ACS, at least for now.
    • Proposed as answer by Seetha_ Friday, August 26, 2011 5:08
    • Marked as answer by Wenchao Zeng Thursday, September 01, 2011 8:43
    Wednesday, August 24, 2011 6:49
  • @zwc2 is correct. However you could create an OAuth 1 relying party and have it convert the token to OAuth2.

    Your RP (signin) -> ACS -> Your custom converter (302 redirect) -> Twitter Auth (get OAuth1) -> Your custom converter (convert oauth1 to oauth2)  -> ACS -> Your RP.

    Not the most elegant, but it might work.

    Developer Security MVP |
    • Marked as answer by Wenchao Zeng Thursday, September 01, 2011 8:43
    Wednesday, August 24, 2011 16:31
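
The "Twitter Auth (get OAuth1)" hop in the flow above is where the custom converter has to sign its own requests to Twitter, because OAuth 1.0a requires a per-request signature over the normalized parameters. The following is an added Python example, not code from this thread or from any STS mentioned in it, of RFC 5849 HMAC-SHA1 signing and constant-time verification for the request-token call. The consumer key, secret, nonce, timestamp and callback URL are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; none of these come from the thread.
REQUEST_TOKEN_URL = "https://api.twitter.com/oauth/request_token"
CONSUMER_SECRET = "constructed-consumer-secret"
SAMPLE_PARAMS = {
    "oauth_callback": "https://sts.example.com/callback",
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "n0nce123",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1314200000",
    "oauth_version": "1.0",
}


def pct(value: str) -> str:
    """RFC 5849 section 3.6: leave only unreserved characters unencoded."""
    return quote(value, safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """Section 3.4.1; `url` must be the base URI with no query string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    """Section 3.4.2: HMAC-SHA1 keyed with both secrets joined by '&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    message = signature_base_string(method, url, params).encode()
    digest = hmac.new(key, message, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify(method, url, params, signature, consumer_secret, token_secret=""):
    """Recompute and compare in constant time; any changed parameter fails."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    sig = sign("POST", REQUEST_TOKEN_URL, SAMPLE_PARAMS, CONSUMER_SECRET)
    print(signature_base_string("POST", REQUEST_TOKEN_URL, SAMPLE_PARAMS))
    print("oauth_signature =", sig)
```

Because `oauth_callback` is part of the signed base string, a callback changed in transit no longer verifies.
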
  • Steve,

    That would be awesome and sounds like a great community project for CodePlex. :)


    Eric D. Boyd - Director, Chicago + Cloud at Centare 
    Blog | twitter
    Wednesday, August 24, 2011 17:36
  • Hmm...
    Developer Security MVP |
    Wednesday, August 24, 2011 17:48
  • +1 for a way to make it work...
    Monday, November 14, 2011 8:28
  • It's important to put up such engineering messes, as a market hits its inflection point and goes commodity. What matters is that nothing stops mass adoption, including endless gateway chains. No one must feel excluded.

    Commoditization will soon remove the chaff. Too much gatewaying defeats the flexibility of the bridging-based open architecture, becoming an unsustainable support cost and fragile user experience.

    I have a simple cutoff point for IDPs - based on the number of support calls we receive (as SP). Once it hits X, the IDP is removed. I have no intention of adding Twitter back (even though we ran the gateway). We just cannot afford the cost of supporting users arriving from that channel.

    Monday, November 14, 2011 17:54
  • Here's a simple STS for twitter that you can plug into ACS:

    I've also put one up for Windows Live (includes name and email claims, extend as needed):

    Both are built off of the Thinktecture Starter STS (ported to MVC4).

    All you really need to do (aside from above) is attach the claims you need in GetOutputClaimsIdentity.

    Monday, February 20, 2012 16:33
  • I have this up and running.

    How do I integrate it with your code?

    Would you recommend to use Thinktecture instead?

    Tuesday, May 15, 2012 20:36
  • Hi, if you could provide us with a sample application or detailed steps on how to plug the above custom Twitter STS into ACS, that would be really helpful...
    Tuesday, February 26, 2013 13:47
  • Hi,

    Has anyone got the solution to integrate Twitter in ACS?

    Please let me know if someone resolved this or found a solution.


    Komal Ahirwal

    Tuesday, February 26, 2013 14:23
  • At this time, the only way to make this work is to add your own custom STS that speaks a protocol ACS understands (such as WS-Federation or OpenID) as an identity provider in between ACS and Twitter. This requires a non-trivial amount of work, but it is certainly possible.
    Tuesday, February 26, 2013 22:39
  • Suppose it might be helpful for you: Twitter WS-Federation STS for ACS.

    It's an ASP.NET MVC app; just change the Web.config configuration settings and add it in the ACS Management portal as "WS-Federation identity provider". Metadata for it can be reached at /wsfederation/twittermetadata

    Tuesday, April 23, 2013 20:50