sources/oauth/twitter: update fields, scopes and profile URL to match current X API

[muien5080]

This updates the Twitter OAuth2 source so it aligns with the current X API requirements. The previous implementation did not request the required user.fields and was missing newer scopes, which caused the Twitter login flow to fail.

This PR updates the profile URL to include the correct fields, adds the required scopes, and expands the user property mapping to match the response returned by X.

closes #18466

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	f578f7d
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/6936c6be32fd5c00087d9022
😎 Deploy Preview	https://deploy-preview-18670--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	f578f7d
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/6936c6bed980ef000865fa80
😎 Deploy Preview	https://deploy-preview-18670--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	f578f7d
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/6936c6be7dff2c00088eb52e

[sayah-y]

Thanks

[sayah-y]

According to this doc, fields id, name and username are marked as default (always included).
I think it's better to specify them not to depends on the X Api changes. But in this case, id is missing.
It will give:
profile_url = "https://api.twitter.com/2/users/me?user.fields=id,name,username,confirmed_email,profile_image_url,verified"

[sayah-y]

I think we can delete this line because this doc tells thats this field is named confirmed_email, no need to check for an alternative name.

[sayah-y]

According to this doc, to get the email, we must add the following scope: users.email

[muien5080]

#18670
The requested changes have been pushed. Let me know if anything else should be updated.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.09%. Comparing base (37ca473) to head (f578f7d).
⚠️ Report is 15 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #18670      +/-   ##
==========================================
- Coverage   93.21%   93.09%   -0.12%     
==========================================
  Files         933      929       -4     
  Lines       51255    51176      -79     
==========================================
- Hits        47775    47643     -132     
- Misses       3480     3533      +53     

Flag	Coverage Δ
e2e	44.56% <50.00%> (-0.20%)	⬇️
integration	23.09% <50.00%> (+0.28%)	⬆️
unit	91.41% <100.00%> (-0.03%)	⬇️
unit-migrate	91.44% <100.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[sayah-y]

Thanks for taking into account my feedbacks 👍