Skip to content

[codex] Add X OAuth1 publisher support#4

Merged
deitxfge merged 1 commit into
mainfrom
codex/x-oauth1-publisher
Jun 5, 2026
Merged

[codex] Add X OAuth1 publisher support#4
deitxfge merged 1 commit into
mainfrom
codex/x-oauth1-publisher

Conversation

@skyloevil

@skyloevil skyloevil commented Jun 3, 2026
edited
Loading

Copy link
Copy Markdown
Owner

Summary

  • Add OAuth 1.0a User Context signing for the X publisher while preserving the existing OAuth 2.0 user bearer-token path.
  • Update local config, .env.example, and README guidance to use api_key, api_key_secret, access_token, and access_token_secret instead of app-only bearer tokens.
  • Extend config and publisher tests for OAuth 1.0a credential validation and signed request headers.

Why

X POST /2/tweets requires user-context authentication. App-only bearer tokens cannot publish tweets, and the previous implementation only sent a bearer token. OAuth 1.0a User Context matches the working credential flow from the X Developer Portal Access Token and Secret page.

Validation

  • uv run ruff check backend/app/publishers/x/publisher.py backend/app/config/settings.py tests/test_config.py tests/test_publishers.py
  • uv run pytest
  • Live X API validation was performed locally with credentials passed only through the process environment. No secret files or real keys were committed.

Send verification succeeded.

Authentication result:

  • Account: @skyloevil
  • Name: Skyloevil
  • user_id: 2868899598

Successfully created 1 test X Post:

The local code now works with OAuth 1.0a User Context. Store the four credentials in your local .env or deployment environment variable X_PUBLISHER_CREDENTIALS, and do not commit them to the repository.

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 3, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for OAuth 1.0a User Context credentials to the X (Twitter) publisher, updating documentation, configuration validation, and adding the signature generation logic along with corresponding tests. Feedback on these changes suggests adding defensive type checks for the credentials object to prevent potential AttributeErrors, passing digestmod as a keyword argument in hmac.new for robustness, and keeping the X publisher disabled by default in config/local.yaml to ensure local development safety.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread backend/app/publishers/x/publisher.py
Comment thread backend/app/publishers/x/publisher.py
Comment thread backend/app/publishers/x/publisher.py
Comment thread config/local.yaml
@skyloevil skyloevil marked this pull request as ready for review June 3, 2026 17:34
@deitxfge deitxfge merged commit cf25938 into main Jun 5, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@deitxfge deitxfge deitxfge approved these changes
+1 more reviewer
@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

@deitxfge deitxfge

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@skyloevil @deitxfge