Use Log in with X, also known as Sign in with X, to place a button on your site or application which allows X users to enjoy the benefits of a registered user account in as little as one click. This works on websites, iOS, mobile, and desktop applications.

Features

  • Ease of use - A new visitor to your site only has to click two buttons in order to log in for the first time.
  • X integration - The Log in with X flow can grant authorization to use X APIs on your users’ behalf.
  • OAuth based - A wealth of client libraries and example code are compatible with the Log in with X API.

Available for

  • Browsers - If your users can access a browser, you can integrate with Log in with X. Learn about the browser sign in flow.
  • Mobile devices - Any web-connected mobile device can take advantage of Log in with X. Learn about the mobile sign in flow.

Implementing Log in with X

The browser and mobile web implementations of Log in with X are based on OAuth. This page demonstrates the requests needed to obtain an access token for the sign in flow.

To use the “Log in with X” flow, please go to your X app settings and ensure that the “Allow this app to be used to Sign in with X?” option is enabled.

This page assumes that the reader knows how to sign requests using the OAuth 1.0a protocol. If you want to know how to sign a request, read the Authorizing a request page.

If you want to check the signing of the requests on this page, the consumer secret used is: L8qq9PZyRg6ieKGEKhZolGC0vJWLw8iEJ88DRdyOg. This value is for test purposes and will not work for real requests.

The three steps for implementing Log in with X through obtaining a request token, redirecting a user, and converting a request token into an access token are listed below.

Step 1: Obtaining a request token

To start a sign-in flow, your X app must obtain a request token by sending a signed message to POST oauth/request_token. The only unique parameter in this request is oauth_callback, which must be a URL-encoded version of the URL you wish your user to be redirected to when they complete step 2. The remaining parameters are added by the OAuth signing process.

Note: Any callback URL that you use with the POST oauth/request_token endpoint will have to be registered within the X app settings in the developer portal.

Example request (Authorization header has been wrapped):

POST /oauth/request_token HTTP/1.1
User-Agent: themattharris' HTTP Client
Host: api.x.com
Accept: */*
Authorization:
        OAuth oauth_callback="http%3A%2F%2Flocalhost%2Fsign-in-with-twitter%2F",
              oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w",
              oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456",
              oauth_signature="F1Li3tvehgcraF8DMJ7OyxO4w9Y%3D",
              oauth_signature_method="HMAC-SHA1",
              oauth_timestamp="1318467427",
              oauth_version="1.0"

Your app should examine the HTTP status of the response. Any value other than 200 indicates a failure. The body of the response will contain the oauth_token, oauth_token_secret, and oauth_callback_confirmed parameters. Your app should verify that oauth_callback_confirmed is true and store the other two values for the next steps.

Example response (response body has been wrapped):

HTTP/1.1 200 OK
Date: Thu, 13 Oct 2011 00:57:06 GMT
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 146
Pragma: no-cache
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Vary: Accept-Encoding
Server: tfe

oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0&
oauth_token_secret=veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI&
oauth_callback_confirmed=true

Log in with X Resources

Client libraries

The client libraries listed at X libraries will help implement Log in with X. Use the /oauth/authenticate endpoint, as described in the previous steps.

Buttons

X would prefer your application to use the following buttons for consistent branding. Save these images to host on your own servers.

Sign in with X (button style):

Sign in with X (link style):

OverviewBest practices