Hmm, thanks.

Wonder why some are seeing this take affect and others, as reported in
this thread (including myself), are not...

On May 19, 1:13 pm, Mark Pavlidis <mark.pavli...@gmail.com> wrote:
> TheGuru,
> I set my app to RWPM permission at dev.twitter.com/apps and now it
> displays as such on the OAuth login page and on twitter.com/settings/
> applications.
>
> On May 19, 2:04 pm, TheGuru <jsort...@gmail.com> wrote:
>
>
>
>
>
>
>
> > That is to be expected regarding the 401.
>
> > However, while I see the changes on the application page of a
> > particular account, the OAuth login screen at Twitter for my
> > application still states:
>
> > This application will not be able to:
>
> >     Access your private messages.
> >     See your Twitter password.
>
> > Did you make any other changes other than upading the privilege level
> > for your application at dev.twitter.com?
>
> > On May 19, 12:49 pm, Mark Pavlidis <mark.pavli...@gmail.com> wrote:
>
> > > Yes i've seen the changes on my applications page and on the OAuth
> > > login page. Further, my other device that was logged in using the old
> > > Read,Write token was getting Unauthorized (401) responses as that
> > > token was revoked an replaced with the Read, Write, Private message
> > > token.  Should be handled appropriately if you are a dev with an app
> > > on multiple platforms.
>
> > > Mark
>
> > > On May 19, 9:42 am, TheGuru <jsort...@gmail.com> wrote:
>
> > > > +1.  I'm seeing the same thing and not sure if it is a waiting game or
> > > > something that needs adjusted in the flow from the client side as
> > > > well.
>
> > > > Any insight is appreciated.
>
> > > > Has anyone who adjusted their app permissions on dev.twitter.com seen
> > > > this reflected on the OAuth login page at Twitter?
>
> > > > On May 19, 2:02 am, Adriaan Pelzer <adri...@wewillraakyou.com> wrote:
>
> > > > > Hi Matt,
>
> > > > > I have started implementing these changes. The app's permissions 
> > > > > setting is
> > > > > set to "Read, Write & DM" (the new one).
>
> > > > > However, when the user gets redirected to the auth page, it still 
> > > > > indicates
> > > > > that the app will not be able to read or send DM's. Is this something 
> > > > > that
> > > > > will automatically happen when you activate it, or is there a 
> > > > > permissions
> > > > > parameter I should send to the auth page?
>
> > > > > Adriaan Pelzer
>
> > > > >  //))//\\//\\||//
> > > > > //\\//7//7///\\
>
> > > > > putting you in touch with your crowdshttp://www.wewillraakyou.com
> > > > > <http://www.wewillraakyou.com>twitter:http://www.twitter.com/adriaan_pelzer
> > > > > linkedIn:http://uk.linkedin.com/pub/adriaan-pelzer/4/874/860/
> > > > > skype: adriaan_pelzer
> > > > > <http://uk.linkedin.com/pub/adriaan-pelzer/4/874/860/>
> > > > > +4478 7978 1743
>
> > > > > On Wed, May 18, 2011 at 6:01 PM, Matt Harris 
> > > > > <thematthar...@twitter.com>wrote:
>
> > > > > > Hey everyone,
>
> > > > > > We recently updated our OAuth screens to give users greater 
> > > > > > transparency
> > > > > > about the level of access applications have to their accounts. The 
> > > > > > valuable
> > > > > > feedback Twitter users and developers have given us played a large 
> > > > > > part in
> > > > > > that redesign and helped us identify where we can do more.
>
> > > > > > In particular, users and developers have requested greater 
> > > > > > granularity for
> > > > > > permission levels.
>
> > > > > > In response to this feedback, we have created a new permission 
> > > > > > level for
> > > > > > applications called “Read, Write & Direct Messages”. This 
> > > > > > permission will
> > > > > > allow an application to read or delete a user's direct messages. 
> > > > > > When we
> > > > > > enforce this permission, applications without a “Read, Write & 
> > > > > > Direct
> > > > > > Messages” token will be unable to read or delete direct messages. 
> > > > > > To ensure
> > > > > > users know that an application is receiving access to their direct 
> > > > > > messages,
> > > > > > we are also restricting this permission to the OAuth /authorize web 
> > > > > > flow
> > > > > > only. This means applications which use xAuth and want to access 
> > > > > > direct
> > > > > > messages must send a user through the full OAuth flow.
>
> > > > > > What does this mean for your application?
> > > > > > If you do not need access to direct messages: you won’t need to 
> > > > > > make any
> > > > > > changes to your application. When we enforce the new permission 
> > > > > > level your
> > > > > > read or read/write token will automatically lose access to direct 
> > > > > > messages.
>
> > > > > > If you do need access to direct messages: you will need to edit your
> > > > > > application record onhttps://dev.twitter.com/appsandchangethe
> > > > > > permission level of your application to “Read, Write and Direct 
> > > > > > Messages”.
> > > > > > The new permission will not affect existing tokens which means 
> > > > > > existing
> > > > > > users or your app or service will need to reauthorize.
>
> > > > > > We know this will take some time so we are allowing a transition 
> > > > > > period
> > > > > > until the end of this month. During this time there will be no 
> > > > > > change to the
> > > > > > access Read/Write tokens have to a users account. However, at the 
> > > > > > end of the
> > > > > > month any tokens which have not been upgrade to “Read, Write and 
> > > > > > Direct
> > > > > > Messages” will be unable to access and delete direct messages.
>
> > > > > > Affected APIs and requests
> > > > > > On the REST API, Read and Read/Write applications will no longer be 
> > > > > > able to
> > > > > > use these API methods:
> > > > > > /1/direct_messages.{format}
> > > > > > /1/direct_messages/sent.{format}
> > > > > > /1/direct_messages/show.{format}
> > > > > > /1/direct_messages/destroy.{format}
>
> > > > > > For the Streaming API, both User Streams and Site Streams will only 
> > > > > > receive
> > > > > > direct messages if the user has authorised an application to access 
> > > > > > direct
> > > > > > messages.
>
> > > > > > Applications that use “Sign-in with Twitter” or xAuth will only be 
> > > > > > able to
> > > > > > receive Read or Read/Write tokens.
>
> > > > > > What this means is only applications which direct a user through 
> > > > > > the OAuth
> > > > > > web flow will be able to receive access tokens that allow access to 
> > > > > > direct
> > > > > > messages. Any other method of authorization, including xAuth, will 
> > > > > > only be
> > > > > > able to receive Read/Write tokens.
>
> > > > > > What will happen when the permission is activated
> > > > > > When we activate the new permission, all Read and Read/Write 
> > > > > > user_tokens
> > > > > > issued to third-party applications will lose their ability to read 
> > > > > > direct
> > > > > > messages. Any attempt to read direct messages will result in an 
> > > > > > HTTP 403
> > > > > > error being returned.
>
> > > > > > For example, a GET request to
> > > > > >https://api.twitter.com/1/direct_messages/sent.jsonwillreturnanHTTP
> > > > > > 403 Forbidden with the response body:
>
> > > > > > {"errors":[{"code":93,"message":"This application is not allowed to 
> > > > > > access
> > > > > > or delete your direct messages"}]}
>
> > > > > > Key Points
> > > > > > * If you wish to access a user’s direct messages you will need to 
> > > > > > update
> > > > > > your application and reauthorize existing tokens.
> > > > > > * The only way to get direct message access is to request access 
> > > > > > through
> > > > > > the OAuth /authorize web flow. You will not be permitted to access 
> > > > > > direct
> > > > > > messages if you use xAuth.
> > > > > > * When we enforce the permission Read/Write and Read tokens will be 
> > > > > > unable
> > > > > > to access and delete direct messages.
> > > > > > * Read/Write tokens will be able to send direct messages after the
> > > > > > permission is enforced.
>
> > > > > > We’ll be collating responses and adding more information on our 
> > > > > > developer
> > > > > > resources permission model page:
> > > > > >https://dev.twitter.com/pages/application-permission-model
>
> > > > > > We have also blogged about this on the Twitter blog:
> > > > > >http://blog.twitter.com/2011/05/mission-permission.html
>
> > > > > > Best,
> > > > > > @themattharris
>
> > > > > > --
> > > > > > Twitter developer documentation and 
> > > > > > resources:https://dev.twitter.com/doc
> > > > > > API updates via Twitter:https://twitter.com/twitterapi
> > > > > > Issues/Enhancements Tracker:
> > > > > >https://code.google.com/p/twitter-api/issues/list
> > > > > > Change your membership to this group:
> > > > > >https://groups.google.com/forum/#!forum/twitter-development-talk

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Reply via email to