I agree with Scott.  A token should simply be a bond between the user and
the app, it should not contain any knowledge of permissions/restrictions.  A
token simply represents "Hi, I'm making a call on behalf of Joe User.
Attached is the request I want to make.  Make sure I'm allowed to do this
before you execute it."

Forcing re-authentication whenever permissions change is a major pain for
both developers and users.  Removing permission-based tokens benefits the
user because they can modify the access an application has without having to
re-authenticate, something 99% of users will not understand.

On Wed, May 18, 2011 at 11:51 AM, Scott Wilcox <sc...@dor.ky> wrote:

> Hello,
>
> There have been a lot of opinions voiced about how this is being
> implemented. This not only proves troublesome for xAuth clients, but it
> lends me to worry about how the future of permissions will evolve.
> Effectively now, every single Twitter user needs to get their application
> re-authed for the new tokens to provide DM access by the end of the month.
>
> The Facebook style of using a 'scope' for individual permissions is so much
> more viable. I also believe that the API should provide a lookup for the
> permissions that a set of credentials currently provides. I honestly believe
> that going down the 'scope' route for permissions will be a lot better for
> all concerned. When new permissions are introduced to the API in the future,
> it would be a small matter of updating the requesting scope for the
> application developer, rather than completely rewriting chunks of code.
>
> I'd like a response from Matt, Taylor or Raffi on this matter and the plans
> for future permissions and their implementation.
>
> On 18 May 2011, at 19:42, Naveen wrote:
>
> > I had most of the same thoughts already mentioned in this thread so
> > wont reiterate everyone, except to add that this seems like a rather
> > sudden and disruptive change coming just after #devnestsf where
> > Twitter made a point that it was trying to provide better guidance so
> > companies that rely on the platform have time to plan and make
> > changes.
> >
> > @knight9
> >
> > --
> > Twitter developer documentation and resources:
> https://dev.twitter.com/doc
> > API updates via Twitter: https://twitter.com/twitterapi
> > Issues/Enhancements Tracker:
> https://code.google.com/p/twitter-api/issues/list
> > Change your membership to this group:
> https://groups.google.com/forum/#!forum/twitter-development-talk
>
> --
> Scott Wilcox
>
> @dordotky | sc...@dor.ky | http://dor.ky
> +44 (0) 7538 842418 | +1 (646) 827-0580
>
>
>
> --
> Twitter developer documentation and resources: https://dev.twitter.com/doc
> API updates via Twitter: https://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> https://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> https://groups.google.com/forum/#!forum/twitter-development-talk
>

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Reply via email to