That is to be expected regarding the 401.

However, while I see the changes on the application page of a
particular account, the OAuth login screen at Twitter for my
application still states:

This application will not be able to:

    Access your private messages.
    See your Twitter password.

Did you make any other changes other than upading the privilege level
for your application at dev.twitter.com?

On May 19, 12:49 pm, Mark Pavlidis <mark.pavli...@gmail.com> wrote:
> Yes i've seen the changes on my applications page and on the OAuth
> login page. Further, my other device that was logged in using the old
> Read,Write token was getting Unauthorized (401) responses as that
> token was revoked an replaced with the Read, Write, Private message
> token.  Should be handled appropriately if you are a dev with an app
> on multiple platforms.
>
> Mark
>
> On May 19, 9:42 am, TheGuru <jsort...@gmail.com> wrote:
>
>
>
>
>
>
>
> > +1.  I'm seeing the same thing and not sure if it is a waiting game or
> > something that needs adjusted in the flow from the client side as
> > well.
>
> > Any insight is appreciated.
>
> > Has anyone who adjusted their app permissions on dev.twitter.com seen
> > this reflected on the OAuth login page at Twitter?
>
> > On May 19, 2:02 am, Adriaan Pelzer <adri...@wewillraakyou.com> wrote:
>
> > > Hi Matt,
>
> > > I have started implementing these changes. The app's permissions setting 
> > > is
> > > set to "Read, Write & DM" (the new one).
>
> > > However, when the user gets redirected to the auth page, it still 
> > > indicates
> > > that the app will not be able to read or send DM's. Is this something that
> > > will automatically happen when you activate it, or is there a permissions
> > > parameter I should send to the auth page?
>
> > > Adriaan Pelzer
>
> > >  //))//\\//\\||//
> > > //\\//7//7///\\
>
> > > putting you in touch with your crowdshttp://www.wewillraakyou.com
> > > <http://www.wewillraakyou.com>twitter:http://www.twitter.com/adriaan_pelzer
> > > linkedIn:http://uk.linkedin.com/pub/adriaan-pelzer/4/874/860/
> > > skype: adriaan_pelzer
> > > <http://uk.linkedin.com/pub/adriaan-pelzer/4/874/860/>
> > > +4478 7978 1743
>
> > > On Wed, May 18, 2011 at 6:01 PM, Matt Harris 
> > > <thematthar...@twitter.com>wrote:
>
> > > > Hey everyone,
>
> > > > We recently updated our OAuth screens to give users greater transparency
> > > > about the level of access applications have to their accounts. The 
> > > > valuable
> > > > feedback Twitter users and developers have given us played a large part 
> > > > in
> > > > that redesign and helped us identify where we can do more.
>
> > > > In particular, users and developers have requested greater granularity 
> > > > for
> > > > permission levels.
>
> > > > In response to this feedback, we have created a new permission level for
> > > > applications called “Read, Write & Direct Messages”. This permission 
> > > > will
> > > > allow an application to read or delete a user's direct messages. When we
> > > > enforce this permission, applications without a “Read, Write & Direct
> > > > Messages” token will be unable to read or delete direct messages. To 
> > > > ensure
> > > > users know that an application is receiving access to their direct 
> > > > messages,
> > > > we are also restricting this permission to the OAuth /authorize web flow
> > > > only. This means applications which use xAuth and want to access direct
> > > > messages must send a user through the full OAuth flow.
>
> > > > What does this mean for your application?
> > > > If you do not need access to direct messages: you won’t need to make any
> > > > changes to your application. When we enforce the new permission level 
> > > > your
> > > > read or read/write token will automatically lose access to direct 
> > > > messages.
>
> > > > If you do need access to direct messages: you will need to edit your
> > > > application record onhttps://dev.twitter.com/appsandchangethe
> > > > permission level of your application to “Read, Write and Direct 
> > > > Messages”.
> > > > The new permission will not affect existing tokens which means existing
> > > > users or your app or service will need to reauthorize.
>
> > > > We know this will take some time so we are allowing a transition period
> > > > until the end of this month. During this time there will be no change 
> > > > to the
> > > > access Read/Write tokens have to a users account. However, at the end 
> > > > of the
> > > > month any tokens which have not been upgrade to “Read, Write and Direct
> > > > Messages” will be unable to access and delete direct messages.
>
> > > > Affected APIs and requests
> > > > On the REST API, Read and Read/Write applications will no longer be 
> > > > able to
> > > > use these API methods:
> > > > /1/direct_messages.{format}
> > > > /1/direct_messages/sent.{format}
> > > > /1/direct_messages/show.{format}
> > > > /1/direct_messages/destroy.{format}
>
> > > > For the Streaming API, both User Streams and Site Streams will only 
> > > > receive
> > > > direct messages if the user has authorised an application to access 
> > > > direct
> > > > messages.
>
> > > > Applications that use “Sign-in with Twitter” or xAuth will only be able 
> > > > to
> > > > receive Read or Read/Write tokens.
>
> > > > What this means is only applications which direct a user through the 
> > > > OAuth
> > > > web flow will be able to receive access tokens that allow access to 
> > > > direct
> > > > messages. Any other method of authorization, including xAuth, will only 
> > > > be
> > > > able to receive Read/Write tokens.
>
> > > > What will happen when the permission is activated
> > > > When we activate the new permission, all Read and Read/Write user_tokens
> > > > issued to third-party applications will lose their ability to read 
> > > > direct
> > > > messages. Any attempt to read direct messages will result in an HTTP 403
> > > > error being returned.
>
> > > > For example, a GET request to
> > > >https://api.twitter.com/1/direct_messages/sent.jsonwillreturnan HTTP
> > > > 403 Forbidden with the response body:
>
> > > > {"errors":[{"code":93,"message":"This application is not allowed to 
> > > > access
> > > > or delete your direct messages"}]}
>
> > > > Key Points
> > > > * If you wish to access a user’s direct messages you will need to update
> > > > your application and reauthorize existing tokens.
> > > > * The only way to get direct message access is to request access through
> > > > the OAuth /authorize web flow. You will not be permitted to access 
> > > > direct
> > > > messages if you use xAuth.
> > > > * When we enforce the permission Read/Write and Read tokens will be 
> > > > unable
> > > > to access and delete direct messages.
> > > > * Read/Write tokens will be able to send direct messages after the
> > > > permission is enforced.
>
> > > > We’ll be collating responses and adding more information on our 
> > > > developer
> > > > resources permission model page:
> > > >https://dev.twitter.com/pages/application-permission-model
>
> > > > We have also blogged about this on the Twitter blog:
> > > >http://blog.twitter.com/2011/05/mission-permission.html
>
> > > > Best,
> > > > @themattharris
>
> > > > --
> > > > Twitter developer documentation and 
> > > > resources:https://dev.twitter.com/doc
> > > > API updates via Twitter:https://twitter.com/twitterapi
> > > > Issues/Enhancements Tracker:
> > > >https://code.google.com/p/twitter-api/issues/list
> > > > Change your membership to this group:
> > > >https://groups.google.com/forum/#!forum/twitter-development-talk

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Reply via email to