Re: [twitter-dev] Re: The new permission model (R / RW / RWD) is now in effect
Hi Taylor, Thank you for the quick reply. Is there a good reason for that limitation? Or is there some hope that in the future request_token will be enhanced to enable explicit request of a RWD token? In the mean time, I'll figure out the best way to get by. Thanks again. Jeff On Fri, Jul 01, 2011 at 11:59:11AM -0700, Taylor Singletary wrote: > Hi Jeff, > > There's no way to specify a RWD option on this method -- if your application > requires the use of direct messages in any context, you must set that at the > application level. > > This parameter will only influence the creation of RO or RW tokens. > > @episod <http://twitter.com/intent/user?screen_name=episod> - Taylor > Singletary > > > On Fri, Jul 1, 2011 at 11:42 AM, Jeff Dairiki wrote: > > > To restate my question of yesterday: > > > > It has been (and is still) possible to set the "default access type" > > for ones app to "Read-only", yet still get read/write tokens by passing > > "x_auth_access_type=write" to /oauth/request_token. > > > > Is there a corresponding value for x_auth_access_type which will > > yield a read/write/direct-message token? > > > > (The docs at http://dev.twitter.com/doc/post/oauth/request_token list > > only the choices 'read' and 'write'. If there really is no third > > value to be used to request a r/w/dm token, this would seem to me --- > > in light of the recent permission model changes --- to be an > > oversight.) > > > > I've just filed a ticket on this: > > > > http://code.google.com/p/twitter-api/issues/detail?id=2258 > > > > Thanks for any help! > > > > Jeff > > -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] Re: The new permission model (R / RW / RWD) is now in effect
To restate my question of yesterday: It has been (and is still) possible to set the "default access type" for ones app to "Read-only", yet still get read/write tokens by passing "x_auth_access_type=write" to /oauth/request_token. Is there a corresponding value for x_auth_access_type which will yield a read/write/direct-message token? (The docs at http://dev.twitter.com/doc/post/oauth/request_token list only the choices 'read' and 'write'. If there really is no third value to be used to request a r/w/dm token, this would seem to me --- in light of the recent permission model changes --- to be an oversight.) I've just filed a ticket on this: http://code.google.com/p/twitter-api/issues/detail?id=2258 Thanks for any help! Jeff -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
Re: [twitter-dev] Re: The new permission model (R / RW / RWD) is now in effect
On Thu, Jun 30, 2011 at 01:02:45PM -0700, Taylor Singletary wrote: > > * Option 2: There's a feature we've added to the OAuth flow that allows you > to specify the level of permissions you are asking for at the time of the > request. In this scenario, you would set your application to RWD but > explicitly request your end-users to receive only RW tokens by passing the > parameter "x_auth_access_type=write" to > api.twitter.com/oauth/request_tokenon the first step of the OAuth song > and dance. When negotiating your own > token, you'll ask for a RWD but for all end-user tokens, only RW. You leave > your application at the RWD level. More details on this option are at > http://dev.twitter.com/doc/post/oauth/request_token Is it possible to (leave) the app default access level set at RW, but use x_auth_access_type to request RWD access for a specific account? It seems like it should be, however the docs for request_token only mention two possible values --- 'read' and 'write' --- for 'x_auth_access_type'. Thanks for any help! Cheers, Jeff -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
[twitter-dev] Re: Read/Write Access
On Sun, Aug 09, 2009 at 03:50:44PM -0700, David Cramer wrote: > > So short story I've been changing our application from Read to Read/ > Write access, and I cannot get it working. I've checked and double > checked the app settings, and it asks for "read and update access" on > the authorize page. Once authorized, however, it continues to say > "Read-only application cannot POST". It seems that once an oauth token has been issued , twitter will/can not change its permission level. If there is a valid read-only oauth token for a particular user, if you send the user to the authorize page requesting read/write access, you get back that existing token, with access rights unchanged (still read-only). The only way (that I've been able to figure out) to "upgrade" a user's access from read-only access to read/write is to have the user visit their "settings->connections" page, revoke access to your app, then go through the authentication process again. Then you get back a new oauth token, and it will have the requested access level. I filed a ticket on this a month or so ago: http://code.google.com/p/twitter-api/issues/detail?id=814 The response was WontFix. (Personally, I still maintain this is a bug.) Jeff
[twitter-dev] Re: HTML escaping by Twitter is really a bug
On Fri, Jul 17, 2009 at 07:53:27AM -0700, Bjoern wrote: > > look for example at this: http://twitter.com/statuses/show/2689100482.json > > My status update was "test html escaping by twitter bold" but > Twitter sends me "test html escaping by twitter bold<\/ > b>" > > So it has transformed the "<" and "<" into HTML entities < and > > [...] > Hope that clarifies it? Yes it does. It seems the API encodes <, >, &, and ". (I should have realized that was what you meant in the first place --- haven't had enough coffee yet this morning.) And I see your point. Though I can see the reason for the encoding. Imagine the havoc which could ensue if some unknowing app developer forgets to encode texts, allowing nefarious parties to post raw HTML to their site via twitter. As you stated at the top of the thread --- it's easy enough to decode the entities yourself, if you want the raw text. Sorry for the interruption... carry on! Jeff
[twitter-dev] Re: HTML escaping by Twitter is really a bug
On Fri, Jul 17, 2009 at 04:15:52AM -0700, Bjoern wrote: > > probably it is too late to change it now, but someone has to say it: I > think it is the wrong approach to do HTML escaping in the API on the > Twitter side. What data are you referring to that is being HTML-escaped? >From what I can tell, the text of status messages, at least, are not escaped by the API. For example, look at: http://twitter.com/statuses/show/2688630329.json or http://twitter.com/statuses/show/2688630329.xml In the JSON format, non-ascii characters are properly escaped unicode in the javascript strings; in the XML format, non-asciis are encoded as XML numeric character entities. Either way, once you've (properly) decoded the message, you should have plain old unicode. If one (incorrectly) posts (already encoded) HTML entities in a status update, the twitter.com web page is lenient about not double-encoding them. In other words if you post a status update of "A & B", the twitter.com web interface will display this as "A & B", even though the API (correctly) will report the status text to be "A & B". E.g. compare status 2688630329 (links above) to: http://twitter.com/statuses/show/2688620445.json http://twitter.com/statuses/show/2688620445.xml ... Or were you talking about something else altogether? Jeff