How to use Twitter as Identity Provider on Access Control Service?

Question

Hello,

OOTB we can define and use LiveID, Google, Yahoo, and Facebook on ACS, if i want to add Twitter to my ACS authentication module, how can i do that?

Regards,

Alen

Answer 1

Azure ACS supports OAuth WRAP and OAuth 2.0 but unfortunately Twitter supports OAuth 1.0A only. I'm afraid we cannot configure Twitter as an identity provider in ACS, at least for now.

Answer 2

@zwc2 is correct. However you could create an OAuth 1 relying party and have it convert the token to OAuth2.

Your RP (signin) -> ACS -> Your custom converter (302 redirect) -> Twitter Auth (get OAuth1) -> Your custom converter (convert oauth1 to oauth2)  -> ACS -> Your RP.

Not the most elegant, but it might work.

---

Developer Security MVP | www.steveonsecurity.com

Answer 3

Steve,

That would be awesome and sounds like a great community project for CodePlex. :)

Eric

---

Eric D. Boyd - Director, Chicago + Cloud at Centare 
Blog | twitter

Answer 4

Hmm...

---

Developer Security MVP | www.steveonsecurity.com

Answer 5

+1 for a way to make it work...

Answer 6

Its important to put up such engineering messes, as a market hits its inflection point and goes commodity. What matters is that nothing stops mass adoption, including endless gateway chains. Noone must feel excluded.

Commoditization will soon remove the chaff. Too much gatewaying defeats the flexibility of the bridging-based open architecture, becoming a unsustainable support cost and fragile user experience.

I have a simple cutoff point for IDPs - based on the number of support calls we receive (as SP). Once it hits X, the IDP is removed. I have no intention of adding Twitter back (even though we ran the gateway). We just cannot afford the cost of supporting users arriving from that channel.

Answer 7

Here's a simple STS for twitter that you can plug into ACS:

https://gist.github.com/1869974

I've also put one up for Windows Live (includes name and email claims, extend as needed):

https://gist.github.com/1867792

Both are built off of the Thinktecture Starter STS (ported to MVC4).

All you really need to do (aside from above) is attach the claims you need in GetOutputClaimsIdentity.

Answer 8

I have this up and running.

How do I integrate it with you code?

Would you recommend to use Thinktecture instead? 

Answer 9

Hi , if you could provide us with a sample application or detail steps on how to plug the above custom twitter STS into ACS that will be really helpful...

Answer 10

Hi,

Anyone got the solution to integrate twitter in ACS.

Please let me know if someone resolve or found solution.

Thanks:

Komal Ahirwal

Answer 11

At this time, the only way to make this work is to add your own custom STS that speaks a protocol ACS understands (such as WS-Federation or OpenID) as an identity provider in between ACS and Twitter. This requires a non-trivial amount of work, but it is certainly possible.

Answer 12

Suppose it might be helpful for you: Twitter WS-Federation STS for ACS.

It's ASP.NET MVC app, just change Web.config configuration settings and add it in ACS Management portal as "WS-Federation identity provider". Metadata for it can be reached at /wsfederation/twittermetadata