The following figure illustrates a service provider (SP)-initiated single sign-on (SSO) scenario in which PingFederate authenticates users to an SP application using the Twitter IdP Adapter.


  1. The user opens a web application and chooses the Twitter sign-on option.
  2. The sign-on link points to the Twitter IdP Adapter.
  3. The Twitter IdP Adapter requests a request token from Twitter and provides the callback URL. Twitter returns the request token.
  4. The PingFederate server redirects the user to Twitter with the request token and alist of requested permissions. On Twitter, the user authenticates their identity and then authorizes the requested permissions.

    Twitter redirects the browser to the Twitter IdP Adapter callback URL with a verification code.

    If the user fails to authenticate or does not authorize the request, the response includes an error code instead.

  5. PingFederate sends Twitter the request token and verification code. Twitter validates these components and returns an access token to the PingFederate callback URL.
  6. PingFederate sends Twitter a request for user attributes and presents the access token.
  7. PingFederate redirects the user to the web application with the user attributes.