On Wed, May 18, 2011 at 12:50:30PM -0700, Derek Gathright wrote:
>    I agree with Scott.  A token should simply be a bond between the user
>    and the app, it should not contain any knowledge of
>    permissions/restrictions.  A token simply represents "Hi, I'm making a
>    call on behalf of Joe User.  Attached is the request I want to make.
>    Make sure I'm allowed to do this before you execute it."
>    Forcing re-authentication whenever permissions change is a major pain
>    for both developers and users.  Removing permission-based tokens
>    benefits the user because they can modify the access an application has
>    without having to re-authenticate, something 99% of users will not
>    understand.


Martin Dapas

Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 

Reply via email to