Frank-

http://dev.twitter.com/pages/application-permission-model-faq

The way I read the FAQ posted is _only_ apps requiring DM read access will be 
affected under the following endpoints:

/1/direct_messages.{format}
/1/direct_messages/sent.{format}
/1/direct_messages/destroy.{format}
/1/direct_messages/show.{format}

These will receive an HTTP 403 with:
{"errors":[{"code":93,"message":"This application is not allowed to access or 
delete your direct messages"}]}

In fact, it explicitly says:

"Yes. Read/Write tokens can send direct messages using direct_messages/new."

Which doesn't quite make sense from a security standpoint... but I'm not going 
to argue.

Unless this is all PR spin, the only thing that seemed unclear was whether 
Twitter's own apps would require re-authorization into the new perms. The only 
thing that addresses that was what I posted previously:

> > Will Twitter's own applications also go through the OAuth web flow?
> We’re taking this step to give more clarity and control to users about
> the access a third-party application has to their account. The way
> users interact with Twitter’s clients is not expected to change.
> 
> Applications who wish to access a user’s DMs will need to update their
> application permission and incorporate the OAuth web flow if they
> don’t already. If an application does not need access to DMs it will
> not need to make any changes.
> 


Which says they'll be subject to oAuth web flow... but as I understand it, they 
already are.  It says nothing about the re-auth steps for the own apps. 

Maybe someone from Twitter will provide a more clear response regarding re-auth 
of their own apps instead of an ambiguous answer. This could defuse some 
developer concern and conspiracy theory conjecture.


Damon







On Thursday, May 19, 2011 at 5:22 PM, Frank Ash wrote: 
> Cartmetrix, We don't know for sure what will happen. That's kinda the 
> problem. My guess is we all prepare now by making our app request rwdm 
> access, then when the switch takes effect any token that has been changed 
> with this update will then need to be reauthorized. Not effecting us now, but 
> when that change takes hold, I imagine all our tokens will be basically 
> unauthorized because its an all new permission request, thus forcing each 
> user to accept the new authorizations before they can use the app to 
> communicate with the Api. Also I spoke unclear earlier about all apps 
> failing. It will only be ones that use DM as a feature. Which is basically 
> any client app. I just assume everyone here is effected by the DM permission 
> change in some way, so I say all our apps. But little Twitter apps that just 
> read and write won't be effected at all. Because Twitter isn't afraid of 
> them, just client apps.
> 
> Also there is no way Twitter will make themselves do the same thing. Lol that 
> would be hilarious. They will in no way form or fashion make all their users 
> go through this process. That would be something I would be fine with. If 
> they want this change, let them do it also lol. But yeah, there is no way 
> they would, because they know exactly what would happen.
> 
> -- 
> Twitter developer documentation and resources: https://dev.twitter.com/doc
> API updates via Twitter: https://twitter.com/twitterapi
> Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
> Change your membership to this group: 
> https://groups.google.com/forum/#!forum/twitter-development-talk
> 

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk

Reply via email to