Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.replit.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you through creating an X OAuth app in the X Developer Portal. You’ll collect a Client ID and Client Secret to plug into the Auth pane.
This page covers only the provider-side setup in the X Developer Portal. For the overall Clerk Auth flow — including enabling X and entering credentials in the Auth pane — see Configuring OAuth credentials for an SSO provider in the Clerk Auth doc.

Prerequisites

  • An X Developer account (free tier available)
  • A published Replit app — custom OAuth credentials are only available in the Production environment
  • The X provider’s edit panel opened in: Auth paneConfigure tab → SSO providers section → select the Production environment → select Edit next to X

Step 1: Set up X Developer app

Create a developer account (if needed)

  1. Navigate to X Developer Portal
  2. Apply for a developer account if you don’t have one
  3. Complete the application describing your use case

Create or select an app

  1. In the X Developer Portal, go to Projects & Apps
  2. Use an existing app or select Add App
  3. Enter an app name and select Next
  4. Select App settings

Step 2: Configure authentication

  1. Scroll to User authentication settings
  2. Select Set up
App permissions: Select minimum permission level:
  • Read - Required for user profile (minimum)
  • Write - For posting on behalf of users (optional)
  • Direct Messages - For DM access (optional)
Permissions must match scopes requested. If your app requests tweet.write but you only enabled Read, authentication will fail.
Type of app: Select Web App, Automated App or Bot App info:
  • Callback URI / Redirect URL: Copy the value shown under Provider setup in the Auth pane
  • Website URL: Copy the value shown under Provider setup in the Auth pane
See Configuring OAuth credentials for an SSO provider for how to find these values.
  1. Select Save
  2. Save your Client ID and Client Secret
Store your Client Secret securely. If lost, regenerating it invalidates the old one.

Troubleshooting

Redirect URI mismatch

  • Verify the Callback URI exactly matches the value shown under Provider setup in the Auth pane
  • Check for typos or incorrect protocols
  • No trailing slashes

Invalid client

  • Double-check Client ID and Client Secret
  • Ensure no extra spaces
  • Verify you are using OAuth 2.0 credentials (not OAuth 1.0a)

Scope/permission errors

  • Verify scopes match permissions enabled in X Developer Portal
  • Ensure Read permission is enabled at minimum

App in development mode

  • X apps start in development mode with limited users
  • You may need to apply for elevated access for production use

Not working on custom domain

  • Update the Website URL and Callback URI to the custom-domain values shown under Provider setup in the Auth pane

Additional resources