Researching how Bearer Token is created by Twitter website – Twitter API

Why I got -4 by the community?
Nobody knows the answer so they give me -4 for asking question you cannot figure out? Please explain… The question is highly technical and hard and deserve much better reaction in the community. Unless i will start asking easy questions…

Wrong answers i got:
1. “Just call the OAuth endpoint with your user and password”
No, I tracked all browser request from login to the action of follow(when the bearer token is needed) and at no time the browser calls the server to get the bearer token. so it is not that easy. Nonetheless the browser has the bearer token as it sends it after login, when you want to do an action such as follow. (this is why it generates it in JS from login data)

2. “just use the auth_toekn”
   No, the auth_token and the bearer are both needed and sent when you follow, if one is missing the call will fails, and they are very different from each other…

3. Please do not answer that twitter has an API, I know and it is not the question.

This is a hard question for really advanced developers. I am trying to research how Twitter Creates the bearer_token. This token is provided later on after login to follow or to do any other actions.

I put fiddler on, and after a successful login throguh twitter website (not an app or anything) Twitter calls:
https://twitter.com/sessions

This functions returns 5 cookies:

set-cookie: fm=0; Expires=Mon, 19 Mar 2018 23:58:22 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly
set-cookie: ads_prefs="HBERAAA="; Expires=Thu, 16 Mar 2028 23:58:32 GMT; Path=/; Domain=.twitter.com
set-cookie: kdt=1lMiTzCNWYEh4IrZmXmF1t9cjAT4LNVfUhfvBIa5; Expires=Tue, 17 Sep 2019 23:58:32 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly
set-cookie: _twitter_sess=BAh7CiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCMcps0BiAToMY3NyZl9p%250AZCIlZWM2ZmU1M2RlOGU3NmI4Yzc4ZDY4MTg3YmFiMmNlZTk6B2lkIiUyOTg4%250AOGE4NTY0MDNmNTY5NGU0YzM0MTI2ZjNkNWNhZjoJdXNlcmwrB5ynikA%253D--dc71be55646bbc98ff0043e50e7fe15c4fa80cc4; Path=/; Domain=.twitter.com; Secure; HTTPOnly
set-cookie: remember_checked_on=1; Expires=Thu, 16 Mar 2028 23:58:32 GMT; Path=/; Domain=.twitter.com
set-cookie: twid="u=1082828700"; Expires=Thu, 16 Mar 2028 23:58:32 GMT; Path=/; Domain=.twitter.com; Secure

set-cookie: auth_token=7d7c0e23f8c669ff78b921b5a451c7e60f001b6b; Expires=Thu, 16 Mar 2028 23:58:32 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly

Later on when I follow somebody twitter calls to:
https://api.twitter.com/1.1/friendships/create.json
Among the headers that are sent on this post request one important header is:
“authorization: Bearer” AAAAAAAAAAAAAAAAAAAAAPYXBAAAAAAACLXUNDekMxqa8h%2F40K4moUkGsoc%3DTYfbDKbT3jJPCEVnMYqilB28NHfOPqkca3qaAxGfsyKCs0wRbw

My questions is simple but important for my research, how is this Bearer token created?

1. Obviously it is created on the client side through Js, as inspecting all the twitter calls from login to follow(where bearer is used) no other call, calls to the server to get the bearer token. this is a fact after a long research

2. I suspect that through some
   sort of encoding, the auth_token, twid or kdt or a combination of those headers sent to me after login, the bearer token is created on the client side and then sent to server.

3. after investigating all the js files of twitter (and unminifing them using online tool) i came up with some functions that create it, but still cannot find a way to create the bearer token on my side?
   Any help will be highly appreciated, i am sure the concept is easy bearer token generated on client side through data got from login cookies. but i cannot figuere out how, and the js is hard to understand….

here are some snipseet taken from 3 files:

  <link rel="preload" href="https://abs.twimg.com/k/en/init.en.ace7071c803c455c5d97.js" as="script">
      <link rel="preload" href="https://abs.twimg.com/k/en/0.commons.en.de7b4986f9ad407bc0e4.js" as="script">
      <link rel="preload" href="https://abs.twimg.com/k/en/8.pages_home.en.9ee19c8cf9256226b254.js" as="script">

this._addBearerTokenToUrl = function(t, e) {
                    return t ? h.a.addToUrl(e, {
                        bearer_token: t
                    }) : e




function n() {
            var t = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : u;
            return function(e, i) {
                var n = {
                    authorization: "Bearer " + t
                };
                a.a.user.id && (n["x-twitter-auth-type"] = "OAuth2Session");
                var o = Object(r.a)(c);
                return o && (n["x-csrf-token"] = o), e.headers = s({}, e.headers, n), i(e)
            }
        }

 function n() {
            var t = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : u;
            return function(e, i) {
                var n = {
                    authorization: "Bearer " + t
                };
                a.a.user.id && (n["x-twitter-auth-type"] = "OAuth2Session");
                var o = Object(r.a)(c);
                return o && (n["x-csrf-token"] = o), e.headers = s({}, e.headers, n), i(e)
            }
        }

                    if (i.useOAuthSessionAuth) {
                        var E = this.getCsrfToken();
                        S = {
                            authorization: "Bearer " + k,
                            "x-twitter-auth-type": "OAuth2Session",
                            "x-csrf-token": E
                        }, x = {
                            withCredentials: !0
                        }
                    }