> ## Documentation Index
> Fetch the complete documentation index at: https://authsome.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# X (Twitter)

> Log in to X (Twitter) from authsome via OAuth2. Tokens are stored locally and refreshed automatically.

X (Twitter) is a bundled OAuth2 provider in authsome. Reading and writing tweets, user lookup, and offline access (refresh tokens).

## At a glance

|                           |                                                             |
| ------------------------- | ----------------------------------------------------------- |
| Provider name             | `x`                                                         |
| Display name              | X (Twitter)                                                 |
| Auth type                 | OAuth2                                                      |
| Default flow              | `pkce`, PKCE browser flow                                   |
| PKCE supported            | Yes                                                         |
| Device code supported     | No                                                          |
| DCR supported             | No                                                          |
| Default scopes            | `tweet.read`, `tweet.write`, `users.read`, `offline.access` |
| Proxy host                | `api.twitter.com`                                           |
| Env var (`access_token`)  | `X_ACCESS_TOKEN`                                            |
| Env var (`refresh_token`) | `X_REFRESH_TOKEN`                                           |

## Prerequisites

You need to register an OAuth app with X (Twitter) once. Create a project and app in the X developer portal. Enable OAuth 2.0, set the callback URL, and copy the client ID and secret.

The redirect URI must be:

```text theme={null}
http://127.0.0.1:7998/auth/callback/oauth
```

This is the only callback URL authsome's PKCE flow listens on.

Dashboard: [https://developer.twitter.com/en/portal/dashboard](https://developer.twitter.com/en/portal/dashboard).

## Log in

```bash theme={null}
authsome login x
```

The first time, authsome opens a local form at `http://127.0.0.1:7998` to collect your `client_id` and `client_secret`. They are encrypted in your vault and reused on every subsequent login. A second browser window then opens to `https://twitter.com/i/oauth2/authorize` for the authorization step.

Verify:

```bash theme={null}
authsome get x --field status
# → connected
```

## Custom scopes

The bundled definition requests `tweet.read`, `tweet.write`, `users.read`, `offline.access`. Override at login time:

```bash theme={null}
authsome login x --scopes "<comma-separated>"
```

The granted scopes are stored on the connection and visible in `authsome get x`.

## Multiple accounts

Pass `--connection <name>` on `login` and on every read command to keep two or more accounts on the same provider side by side. See [Multiple connections per provider](/guides/multiple-connections) for the full pattern.

```bash theme={null}
authsome login x --connection personal
authsome login x --connection work
```

## Use the token

Run the agent under the proxy (recommended).

<CodeGroup>
  ```bash Proxy (recommended) theme={null}
  authsome run -- python my_agent.py
  ```

  ```bash Environment theme={null}
  eval "$(authsome export x --format env)"
  ```
</CodeGroup>

Under the proxy, authsome sets `X_ACCESS_TOKEN=authsome-proxy-managed` in the child's environment and injects the real token into outbound requests to `api.twitter.com`. The child process never sees the actual value. Refresh tokens are never exported.

## Override the bundled definition

```bash theme={null}
authsome inspect x > ~/.authsome/providers/x.json
# edit scopes, base_url, or anything else
authsome list   # source now shows "custom" for x
```

User-registered files always win over bundled definitions.

## What's next

<Columns cols={2}>
  <Card title="Run agents with the proxy" icon="shield-halved" href="/guides/run-agents-with-proxy">
    Inject the access token into outbound requests without exposing it.
  </Card>

  <Card title="Multiple connections per provider" icon="users" href="/guides/multiple-connections">
    Keep two or more accounts on the same provider side by side.
  </Card>

  <Card title="OAuth providers" icon="right-to-bracket" href="/integrations/oauth/index">
    All bundled OAuth providers.
  </Card>
</Columns>
