Quoting "Papa.Coen" <papa.c...@gmail.com>:

To all them TWITTER devs:

I have some issues with asking Twitter users for FULL control of their
account. Currently I only want to reply and (re)tweet on their behalf.
But with an accepted authorization I can do everything with their
account. There's also no way of making clear my intentions on the
twitter authorization page. Of course, I could do this up front, but I
expect the user to start reading only when twitter asks him/her to
accept or decline authorization.

So I'd like to propose 2 additions to either OAuth or a Twitter OAuth
extension:
- The possibility to ask for (by the app) and grant (by the user) a
more fine-grained level of authorization (more than just read/write
only)
- The possibility to insert a (short) description of the intended
usage, perhaps taken from the app registration from within twitter.

What do you think?

The only thing I'd *really* like is an extra permission level to read and write DMs. Even though we all know that an authenticated app can read and write DMs "on your behalf", I think a second level of authorization for DM access would be a nice addition.

And I also think those REST calls that don't require authentication should get the full 350 calls per hour by default, rather than forcing apps to elevate privilege *only* for the purpose of getting the extra 200 calls per hour. Back when we thought there was going to be a 1500:150 calls per hour ratio for oAuth calls over basic auth or unauthenticated calls, it made sense - it was an incentive to be an early oAuth adopter. But now that it's 350:150 for oAuth (only) over unauthenticated, it seems wrong. If an app is only working with calls that don't require authentication, that's a *good* thing - why penalize it by limiting its rate?

So if *I* ran Twitter, there'd be three levels:

0. Unauthenticated: 350 calls per hour for things like dumping a user's most recent 3200 tweets or list of followers.
1. Authenticated: can post tweets, update lists and change anything in the profile that's publicly visible but can't read or post DMs.
2. DM-Authenticated: can read and write DMs.

Then again, who knows? Maybe when I get #newtwitter my perspective will change. ;-)

--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

"A mathematician is a device for turning coffee into theorems." - Paul Erdos


--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en
