This maybe a harder architectural shift, but a better solution would be to 
move permissions from being per application, but instead a per 
authentication token method, wherein that each token stores the permissions 
that the app requested and was granted at the time they authorized. 

So in this case, let us pass in a well know list of fine grain permissions 
we want/need when we make an oAuth request and then offer an end point to 
authorize for additional permissions when needed to upgrade a token's access 
in the future as new features come out. 

In the case of xAuth, doing this wouldn't be as disruptive as all existing 
tokens would have all the permissions they intended when they were 
requested. In that xAuth could have a default permission level as set by 
Twitter when someone requests access to xAuth. 


Twitter developer documentation and resources:
API updates via Twitter:
Issues/Enhancements Tracker:
Change your membership to this group:!forum/twitter-development-talk

Reply via email to