Skip to main content
Glama

X MCP Server

by tomaitagaki
npmGitHub
TypeScript
2
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

X MCP Server v2.0

A comprehensive Model Context Protocol (MCP) server for X (Twitter) API v2 with multi-user OAuth 2.0 + PKCE, encrypted token storage, and automatic token refresh.

๐Ÿš€ New in v2.0

  • โœ… Multi-User Support - Multiple users with isolated tokens and sessions

  • โœ… Dual OAuth Flows - Loopback (local) + Hosted Pairing Code (remote/multi-user)

  • โœ… Encrypted Token Storage - SQLite database with OS keychain integration

  • โœ… Automatic Token Refresh - Background refresh with scope validation

  • โœ… Session Management - Secure session handling for different transports

  • โœ… Non-Browser Support - Works without browser access via pairing codes

Features

  • โœ… OAuth 2.0 Authorization Code + PKCE authentication (both flows)

  • โœ… Multi-user support with per-user token isolation

  • โœ… Encrypted local token storage (AES-256 + OS keychain)

  • โœ… Automatic token refresh and persistence

  • โœ… Scope verification and re-auth instructions

  • โœ… Rate limiting with retry/backoff logic

  • โœ… Bookmark management (list, add, remove)

  • โœ… Tweet creation (text, media, replies, quotes)

  • โœ… Session-aware MCP resources

  • โœ… Comprehensive error handling and logging

Setup

1. X Developer Account Setup

  1. Create a X Developer account

  2. Create a new app in the Developer Portal

  3. Configure OAuth 2.0 settings:

    • App permissions: Read and Write

    • Type of App: Web App

    • Callback URI: http://localhost:3000/callback (or your custom URI)

    • Website URL: Required (can be placeholder)

  4. Note your Client ID and Client Secret

2. Installation

# Clone or create the project directory cd x-mcp npm install npm run build

3. Environment Setup

Create a .env file or export environment variables:

export X_CLIENT_ID="your_client_id_here" export X_CLIENT_SECRET="your_client_secret_here" export X_REDIRECT_URI="http://localhost:3000/callback" # Optional

4. Authentication

Run the authentication helper to complete OAuth flow:

npm run auth # or node dist/auth-helper.js

This will:

  1. Open your browser to X's authorization page

  2. Start a local callback server

  3. Exchange the authorization code for tokens

  4. Save tokens to ~/.x-mcp/tokens.json

Quick Start

V2.0 Multi-User Server (Recommended)

npm install npm run build # Set environment variables export X_CLIENT_ID="your_client_id" export X_CLIENT_SECRET="your_client_secret" # Start multi-user server npm start

Authentication Flows

Local/Single-User (Loopback)

# Via MCP tool call {"method": "tools/call", "params": {"name": "auth/start", "arguments": {"mode": "loopback"}}} # Opens browser for authorization

Multi-User/Remote (Hosted Pairing)

# Enable hosted mode export X_HOSTED_MODE="true" export X_BASE_URL="https://yourapp.com" # Via MCP tool call {"method": "tools/call", "params": {"name": "auth/start", "arguments": {"mode": "hosted"}}} # Returns pairing code + login URL # Check status {"method": "tools/call", "params": {"name": "auth/status", "arguments": {"pairing_code": "ABC12345"}}}

Legacy V1.0 Server

npm run start:legacy # or node dist/index.js

MCP Tools

The server provides these tools:

bookmarks.list

List user bookmarks with pagination support.

Parameters:

  • user_id (optional): User ID (defaults to authenticated user)

  • max_results (optional): Maximum results per page (1-100, default: 10)

  • pagination_token (optional): Token for next page of results

Example:

{ "tweets": [ { "id": "1234567890", "text": "Great tweet content...", "created_at": "2023-01-01T00:00:00.000Z", "author_id": "987654321", "public_metrics": { "retweet_count": 5, "like_count": 10, "reply_count": 2, "quote_count": 1 } } ], "nextToken": "next_page_token" }

bookmarks.add

Add a tweet to bookmarks.

Parameters:

  • tweet_id (required): ID of the tweet to bookmark

  • user_id (optional): User ID (defaults to authenticated user)

Returns: { "ok": true }

bookmarks.remove

Remove a tweet from bookmarks.

Parameters:

  • tweet_id (required): ID of the tweet to remove from bookmarks

  • user_id (optional): User ID (defaults to authenticated user)

Returns: { "ok": true }

tweet.create

Create a new tweet.

Parameters:

  • text (required): Tweet text content (max 280 characters)

  • media_ids (optional): Array of media IDs to attach

  • reply (optional): Object with in_reply_to_tweet_id for replies

  • quote_tweet_id (optional): ID of tweet to quote

Example:

{ "id": "1234567890", "createdAt": "2023-01-01T00:00:00.000Z" }

MCP Resources

mcp://x/user/me

Current authenticated X user information:

{ "id": "123456789", "username": "example_user", "name": "Example User" }

mcp://x/bookmarks/latest

Last fetched bookmarks page with pagination token:

{ "tweets": [...], "nextToken": "pagination_token" }

Required Scopes

The server requires these X API scopes:

  • bookmark.read or bookmarks.read - Read bookmarks

  • bookmarks.write - Modify bookmarks

  • tweet.write - Post tweets

  • tweet.read - Read tweets (for tweet creation responses)

  • users.read - Read user information

  • offline.access - Refresh token support

If scopes are missing, the server will provide re-authentication instructions.

Rate Limiting

The server automatically handles X API rate limits:

  • โœ… Retries on 429/5xx responses with exponential backoff

  • โœ… Reads x-rate-limit-* headers for intelligent throttling

  • โœ… Surfaces MCP notifications when limits are low

  • โœ… Adapts to actual API limits (doesn't hardcode limits)

Current typical limits (may vary by plan):

  • GET bookmarks: ~180 requests per 15 minutes

  • POST/DELETE bookmarks: ~50 requests per 15 minutes

  • POST tweets: ~300 requests per 15 minutes

File Structure

src/ โ”œโ”€โ”€ index.ts # Main MCP server โ”œโ”€โ”€ auth.ts # OAuth 2.0 + PKCE implementation โ”œโ”€โ”€ auth-helper.ts # Interactive authentication flow โ”œโ”€โ”€ x-client.ts # X API client with bookmarks/tweets โ”œโ”€โ”€ http-client.ts # HTTP client with retry/rate limiting โ”œโ”€โ”€ storage.ts # Token persistence โ””โ”€โ”€ types.ts # TypeScript type definitions

Scripts

npm run build # Compile TypeScript npm start # Start v2.0 multi-user server npm run start:legacy # Start v1.0 legacy server npm run auth # Interactive OAuth helper (legacy) npm test # Run comprehensive test suite npm run dev # Development mode npm run watch # Watch mode compilation

Configuration

V2.0 Environment Variables:

  • X_CLIENT_ID - X app client ID (required)

  • X_CLIENT_SECRET - X app client secret (required)

  • X_REDIRECT_URI - OAuth redirect URI (default: http://127.0.0.1:3000/auth/x/cb)

  • X_HOSTED_MODE - Enable hosted pairing mode (true/false)

  • X_BASE_URL - Base URL for hosted mode (e.g., https://yourapp.com)

  • X_MCP_ENCRYPTION_KEY - Manual encryption key (base64, optional)

Storage Locations:

  • V2.0 Database: ~/.mcp/x/tokens.db (SQLite with encryption)

  • V1.0 Tokens: ~/.x-mcp/tokens.json (legacy JSON format)

  • Encryption Key: OS Keychain or ~/.mcp/x/.encryption_key

Error Handling

The server provides detailed error messages for:

  • โŒ Missing authentication/tokens

  • โŒ Insufficient scopes with re-auth instructions

  • โŒ API errors with request IDs (in debug mode)

  • โŒ Rate limit violations with retry guidance

  • โŒ Network errors with retry logic

Testing

Comprehensive Test Suite

npm test # Runs all tests including encryption, database, OAuth flows

Manual E2E Testing (V2.0)

  1. Start server: npm start

  2. Loopback auth: Call auth/start with mode: "loopback"

  3. Complete OAuth: Open returned URL, authorize

  4. Test bookmarks: bookmarks.list, bookmarks.add, bookmarks.remove

  5. Test tweets: tweet.create

Multi-User Testing (V2.0)

  1. Enable hosted mode: Set X_HOSTED_MODE=true, X_BASE_URL

  2. Start pairing: Call auth/start with mode: "hosted"

  3. Complete auth: Visit login URL with pairing code

  4. Check status: Call auth/status with pairing code

  5. Test with session: Include session context in subsequent calls

Legacy Testing (V1.0)

  1. Authentication: npm run auth

  2. Start legacy server: npm run start:legacy

  3. Test tools: Use existing MCP tools

Troubleshooting

Authentication Issues

  • Verify X_CLIENT_ID and X_CLIENT_SECRET are correct

  • Check that redirect URI matches your app configuration

  • Ensure your X app has correct permissions (Read and Write)

Scope Issues

  • Re-run npm run auth to get updated scopes

  • Check that your X app is configured for the required permissions

Rate Limit Issues

  • The server will automatically retry and backoff

  • Check the logs for rate limit information

  • Consider the plan limits for your X developer account

Token Issues

  • Tokens are auto-refreshed when expired

  • V2.0: Check database at ~/.mcp/x/tokens.db, run npm test for diagnostics

  • V1.0: Delete ~/.x-mcp/tokens.json and re-authenticate if needed

๐Ÿ“š Detailed Documentation

For comprehensive documentation on the new multi-user OAuth system, architecture, and advanced usage, see:

README-MULTIUSER.md - Complete v2.0 documentation with:

  • ๐Ÿ—๏ธ Detailed architecture overview

  • ๐Ÿ” Security implementation details

  • ๐Ÿ—„๏ธ Database schema and design

  • ๐Ÿ“ก Complete API reference

  • ๐Ÿงช Advanced testing scenarios

  • ๐Ÿ› ๏ธ Development and extension guide

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

How are these scores calculated?

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

Enables interaction with X (Twitter) API v2 with multi-user OAuth 2.0 support, allowing users to manage bookmarks, create tweets, and access user information with encrypted token storage and automatic refresh.

  1. ๐Ÿš€ New in v2.0
    1. Features
      1. Setup
        1. 1. X Developer Account Setup
        2. 2. Installation
        3. 3. Environment Setup
        4. 4. Authentication
      2. Quick Start
        1. V2.0 Multi-User Server (Recommended)
        2. Authentication Flows
        3. Legacy V1.0 Server
        4. MCP Tools
        5. MCP Resources
      3. Required Scopes
        1. Rate Limiting
          1. File Structure
            1. Scripts
              1. Configuration
                1. V2.0 Environment Variables:
                2. Storage Locations:
              2. Error Handling
                1. Testing
                  1. Comprehensive Test Suite
                  2. Manual E2E Testing (V2.0)
                  3. Multi-User Testing (V2.0)
                  4. Legacy Testing (V1.0)
                2. Troubleshooting
                  1. Authentication Issues
                  2. Scope Issues
                  3. Rate Limit Issues
                  4. Token Issues
                3. ๐Ÿ“š Detailed Documentation

                  New MCP Servers

                  MCP directory API

                  We provide all the information about MCP servers via our MCP API.

                  curl -X GET 'https://glama.ai/api/mcp/v1/servers/tomaitagaki/x-mcp'

                  If you have feedback or need assistance with the MCP directory API, please join our Discord server