bored-bird-77604
08/30/2023, 3:14 PM
config:
  providers:
    - id: twitter
      provider: generic
      client_id: bWJ
      client_secret: JL8
      mapper_url: file:///etc/config/kratos/oidc.twitter.jsonnet
      issuer_url: http://spa.lvh.me # my own .well-known implementation
      scope:
        - users.read
spa.lvh.me/.well-known/openid-configuration:
{
  "issuer": "http://spa.lvh.me",
  "authorization_endpoint": "https://twitter.com/i/oauth2/authorize",
  "token_endpoint": "https://api.twitter.com/2/oauth2/token",
  "userinfo_endpoint": "https://api.twitter.com/2/users/me",
  "jwks_uri": "https://api.twitter.com/.well-known/jwks.json",
  "response_types_supported": [
    "code",
    "token"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "read",
    "write",
    "users.read"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic"
  ],
  "claims_supported": [
    "sub",
    "name",
    "email",
    "profile_image_url_https"
  ]
}
and I’m stuck: it seems that kratos adds unsupported (by twitter) openid scope, that makes access request invalid.
Also, there is no code challenge in request 😞
google does not seem to have an answer on this, I saw a forked repo that shows how to implement this (without PR to main)
Thank you in advance!
bored-bird-77604
09/01/2023, 8:41 AM