Quoting "Papa.Coen" <papa.c...@gmail.com>:
To all them TWITTER devs:
I have some issues with asking Twitter users for FULL control of their
account. Currently I only want to reply and (re)tweet on their behalf.
But with an accepted authorization I can do everything with their
account. There's also no way of making clear my intentions on the
twitter authorization page. Of course, I could do this up front, but I
expect the user to start reading only when twitter asks him/her to
accept or decline authorization.
So I'd like to propose 2 additions to either OAuth or a Twitter OAuth

- The possibility to ask for (by the app) and grant (by the user) a
  more fine grained level of authorization (more than just read/write
- The possibility to insert a (short) description of the intended
  usage, perhaps taken from the app registration from within twitter.

What do you think?

The only thing I'd *really* like is an extra permission level to read
and write DMs. Even though we all know that an authenticated app can
read and write DMs "on your behalf", I think a second level of
authorization for DM access would be a nice addition.
And I also think those REST calls that don't require authentication
should get the full 350 calls per hour by default, rather than forcing
apps to elevate privilege *only* for the purpose of getting the extra
200 calls per hour. Back when we thought there was going to be a
1500:150 calls per hour ratio for OAuth calls over basic auth or
unauthenticated calls, it made sense - it was an incentive to be an
early OAuth adopter. But now that it's 350:150 for OAuth (only) over
unauthenticated, it seems wrong. If an app is only working with calls
that don't require authentication, that's a *good* thing - why
penalize it by limiting its rate?
So if *I* ran Twitter, there'd be three levels:
0. Unauthenticated: 350 calls per hour for things like dumping a
user's most recent 3200 tweets or list of followers,
1. Authenticated: can post tweets, update lists and change anything in
the profile that's publicly visible but can't read or post DMs.
2. DM-Authenticated: can read and write DMs.
Then again, who knows? Maybe when I get #newtwitter my perspective
will change. ;-)
M. Edward (Ed) Borasky
"A mathematician is a device for turning coffee into theorems." - Paul Erdos