I agree with Scott. A token should simply be a bond between the user and the app; it should not contain any knowledge of permissions/restrictions. A token simply represents "Hi, I'm making a call on behalf of Joe User. Attached is the request I want to make. Make sure I'm allowed to do this before you execute it."

Forcing re-authentication whenever permissions change is a major pain for both developers and users. Removing permission-based tokens benefits the user because they can modify the access an application has without having to re-authenticate, something 99% of users will not understand.

On Wed, May 18, 2011 at 11:51 AM, Scott Wilcox <[email protected]> wrote:
> Hello,
>
> There have been a lot of opinions voiced about how this is being implemented. This not only proves troublesome for xAuth clients, but it lends me to worry about how the future of permissions will evolve. Effectively now, every single Twitter user needs to get their application re-authed for the new tokens to provide DM access by the end of the month.
>
> The Facebook style of using a 'scope' for individual permissions is so much more viable. I also believe that the API should provide a lookup for the permissions that a set of credentials currently provides. I honestly believe that going down the 'scope' route for permissions will be a lot better for all concerned. When new permissions are introduced to the API in the future, it would be a small matter of updating the requesting scope for the application developer, rather than completely rewriting chunks of code.
>
> I'd like a response from Matt, Taylor or Raffi on this matter and the plans for future permissions and their implementation.
>
> On 18 May 2011, at 19:42, Naveen wrote:
>
> > I had most of the same thoughts already mentioned in this thread so won't reiterate everyone, except to add that this seems like a rather sudden and disruptive change coming just after #devnestsf where Twitter made a point that it was trying to provide better guidance so companies that rely on the platform have time to plan and make changes.
> >
> > @knight9
> >
> > --
> > Twitter developer documentation and resources: https://dev.twitter.com/doc
> > API updates via Twitter: https://twitter.com/twitterapi
> > Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
>
> --
> Scott Wilcox
>
> @dordotky | [email protected] | http://dor.ky
> +44 (0) 7538 842418 | +1 (646) 827-0580
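
The model argued for in this thread, as an added sketch that is not code from any poster or from Twitter's API: the token is an opaque handle, scopes live server-side and are checked on every request, and a lookup reports what a credential can currently do. The scope names, action strings and `GrantStore` class are assumptions made for illustration.

```python
import secrets

# Assumed scope names and action mapping (constructed for this example).
KNOWN_SCOPES = {"read", "write", "dm"}
ACTION_SCOPE = {
    "GET /timeline": "read",
    "POST /status": "write",
    "GET /direct_messages": "dm",
}


class GrantStore:
    """Server-side record of what each (user, app) token may do right now."""

    def __init__(self):
        self._grants = {}  # token -> {"user", "app", "scopes"}

    @staticmethod
    def _validated(scopes):
        scopes = set(scopes)
        unknown = scopes - KNOWN_SCOPES
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        return scopes

    def issue(self, user, app, scopes):
        token = secrets.token_urlsafe(32)  # opaque: encodes no permissions
        self._grants[token] = {"user": user, "app": app, "scopes": self._validated(scopes)}
        return token

    def set_scopes(self, token, scopes):
        """The user changes the app's access; the token stays the same."""
        self._grants[token]["scopes"] = self._validated(scopes)

    def scopes_for(self, token):
        """Permission lookup for a set of credentials."""
        grant = self._grants.get(token)
        return sorted(grant["scopes"]) if grant else []

    def authorize(self, token, action):
        """Check the request against current grants; deny by default."""
        grant = self._grants.get(token)
        required = ACTION_SCOPE.get(action)
        return grant is not None and required is not None and required in grant["scopes"]
```

Because authorization is evaluated per request against the stored grant, widening or narrowing an app's access takes effect on the next call without issuing a new token.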
