Skip to main content
Glama
baryhuang

MCP Server - Twitter NoAuth

by baryhuang
OverviewSchemaRelated ServersScoreDiscussions
Python
Remote

twitter_refresh_token

Refresh Twitter OAuth2 access tokens using a refresh token and client credentials to maintain API access for Twitter operations without local credential setup.

Instructions

Refresh the access token using the refresh token and client credentials

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
twitter_access_tokenNoTwitter OAuth2 access token (optional if expired)
twitter_client_idYesTwitter OAuth2 client ID for token refresh
twitter_client_secretNoTwitter OAuth2 client secret (required only for confidential clients)
twitter_refresh_tokenYesTwitter OAuth2 refresh token

Implementation Reference

  • src/mcp_server_twitter_noauth/server.py:611-635 (handler)
    Handler logic in the @server.call_tool() function that processes the twitter_refresh_token tool call, extracts arguments, initializes TwitterClient, and invokes the refresh_token method.
    if name == "twitter_refresh_token":
    # For refresh token, we need refresh token, client ID and secret
    refresh_token = arguments.get("twitter_refresh_token")
    client_id = arguments.get("twitter_client_id")
    client_secret = arguments.get("twitter_client_secret")  # Optional for public clients
    access_token = arguments.get("twitter_access_token")  # Optional for refresh
    
    if not refresh_token:
        raise ValueError("twitter_refresh_token is required for token refresh")
    
    if not client_id:
        raise ValueError("twitter_client_id is required for token refresh")
    
    # Initialize Twitter client for token refresh
    twitter = TwitterClient(
        access_token=access_token, 
        refresh_token=refresh_token,
        client_id=client_id,
        client_secret=client_secret
    )
    
    # Call the refresh_token method
    results = twitter.refresh_token(client_id=client_id, client_secret=client_secret)
    return [types.TextContent(type="text", text=results)]
  • src/mcp_server_twitter_noauth/server.py:523-532 (schema)
    Input schema definition for the twitter_refresh_token tool, specifying properties and required fields.
    inputSchema={
    "type": "object",
    "properties": {
        "twitter_access_token": {"type": "string", "description": "Twitter OAuth2 access token (optional if expired)"},
        "twitter_refresh_token": {"type": "string", "description": "Twitter OAuth2 refresh token"},
        "twitter_client_id": {"type": "string", "description": "Twitter OAuth2 client ID for token refresh"},
        "twitter_client_secret": {"type": "string", "description": "Twitter OAuth2 client secret (required only for confidential clients)"}
    },
    "required": ["twitter_refresh_token", "twitter_client_id"]
},
  • src/mcp_server_twitter_noauth/server.py:520-533 (registration)
    Registration of the twitter_refresh_token tool in the @server.list_tools() handler, including name, description, and schema.
    types.Tool(
    name="twitter_refresh_token",
    description="Refresh the access token using the refresh token and client credentials",
    inputSchema={
        "type": "object",
        "properties": {
            "twitter_access_token": {"type": "string", "description": "Twitter OAuth2 access token (optional if expired)"},
            "twitter_refresh_token": {"type": "string", "description": "Twitter OAuth2 refresh token"},
            "twitter_client_id": {"type": "string", "description": "Twitter OAuth2 client ID for token refresh"},
            "twitter_client_secret": {"type": "string", "description": "Twitter OAuth2 client secret (required only for confidential clients)"}
        },
        "required": ["twitter_refresh_token", "twitter_client_id"]
    },
),
  • src/mcp_server_twitter_noauth/server.py:133-215 (helper)
    Core implementation of token refresh logic in TwitterClient class, performing the OAuth2 refresh token request to Twitter API.
    def refresh_token(self, client_id: str, client_secret: str = None) -> str:
    """Refresh the access token using the refresh token
    
    Args:
        client_id: Twitter OAuth2 client ID
        client_secret: Twitter OAuth2 client secret (only required for confidential clients)
    """
    if not self._refresh_token:  # Changed to use the renamed attribute
        return json.dumps({
            "error": "No refresh token provided",
            "status": "error"
        })
        
    try:
        # Set up the request to refresh the token
        url = self.oauth_url
        
        headers = {
            "Content-Type": "application/x-www-form-urlencoded"
        }
        
        # For confidential clients, add Authorization header
        if client_id and client_secret:
            # Create basic auth header for confidential clients
            auth_string = f"{client_id}:{client_secret}"
            encoded_auth = base64.b64encode(auth_string.encode()).decode()
            headers["Authorization"] = f"Basic {encoded_auth}"
        
        # Prepare request data based on Twitter's OAuth2 implementation
        data = {
            "grant_type": "refresh_token",
            "refresh_token": self._refresh_token,  # Changed to use the renamed attribute
        }
        
        # Client ID is required in the body for public clients
        if not client_secret:
            data["client_id"] = client_id
        
        response = requests.post(url, headers=headers, data=data)
        response.raise_for_status()
        
        token_data = response.json()
        logger.debug(f"Token refresh response: {token_data}")
        
        # Update access token for API calls
        self.access_token = token_data.get("access_token")
        
        # Update refresh token if a new one is provided
        new_refresh_token = token_data.get("refresh_token")
        if new_refresh_token:
            self._refresh_token = new_refresh_token  # Changed to use the renamed attribute
        
        # Calculate expiration time if provided
        expires_in = token_data.get("expires_in")
        expires_at = None
        
        if expires_in:
            expires_at = datetime.now() + timedelta(seconds=expires_in)
        
        # Return the new access token and its expiration
        return json.dumps({
            "access_token": self.access_token,
            "expires_at": expires_at.isoformat() if expires_at else None,
            "expires_in": expires_in,
            "refresh_token": token_data.get("refresh_token", self._refresh_token),  # Changed to use the renamed attribute
            "scope": token_data.get("scope", ""),
            "status": "success"
        })
        
    except requests.exceptions.RequestException as e:
        logger.error(f"Token refresh error: {str(e)}")
        return json.dumps({
            "error": "Token refresh failed. Please provide valid client ID and client secret.",
            "details": str(e),
            "status": "error"
        })
    except Exception as e:
        logger.error(f"Exception: {str(e)}")
        return json.dumps({
            "error": str(e),
            "status": "error"
        })

Tool Definition Quality

C2.9/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It mentions using 'refresh token and client credentials' but doesn't disclose behavioral traits like whether this invalidates old tokens, requires specific permissions, has rate limits, or what the output looks like (no output schema). For a security-sensitive tool, this is inadequate.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core action ('Refresh the access token') without unnecessary words. Every part earns its place by specifying the method and resources used.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of OAuth2 token refresh, no annotations, and no output schema, the description is incomplete. It lacks details on authentication flow, error handling, or return values, leaving significant gaps for the agent to operate safely and effectively.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so parameters are well-documented in the schema. The description adds minimal value beyond the schema by implying the purpose of refresh but doesn't provide additional context like parameter interactions or edge cases. Baseline 3 is appropriate as the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Refresh') and the resource ('access token'), specifying it uses 'refresh token and client credentials'. It distinguishes from siblings like posting or searching tweets by focusing on authentication renewal. However, it doesn't explicitly contrast with other auth-related tools (none listed), so it's not a perfect 5.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance on when to use this tool versus alternatives is provided. The description implies it's for refreshing tokens but doesn't specify prerequisites (e.g., when access token expires), exclusions, or how it relates to initial authentication. With no annotations, this leaves the agent guessing about context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/baryhuang/mcp-twitter-noauth'

If you have feedback or need assistance with the MCP directory API, please join our Discord server