Frank-
http://dev.twitter.com/pages/application-permission-model-faq
The way I read the FAQ posted is _only_ apps requiring DM read access will be
affected under the following endpoints:
/1/direct_messages.{format}
/1/direct_messages/sent.{format}
/1/direct_messages/destroy.{format}
/1/direct_messages/show.{format}
These will receive an HTTP 403 with:
{"errors":[{"code":93,"message":"This application is not allowed to access or
delete your direct messages"}]}
In fact, it explicitly says:
"Yes. Read/Write tokens can send direct messages using direct_messages/new."
Which doesn't quite make sense from a security standpoint... but I'm not going
to argue.
Unless this is all PR spin, the only thing that seemed unclear was whether
Twitter's own apps would require re-authorization into the new perms. The only
thing that addresses that was what I posted previously:
> > Will Twitter's own applications also go through the OAuth web flow?
> We’re taking this step to give more clarity and control to users about
> the access a third-party application has to their account. The way
> users interact with Twitter’s clients is not expected to change.
>
> Applications who wish to access a user’s DMs will need to update their
> application permission and incorporate the OAuth web flow if they
> don’t already. If an application does not need access to DMs it will
> not need to make any changes.
>
Which says they'll be subject to oAuth web flow... but as I understand it, they
already are. It says nothing about the re-auth steps for the own apps.
Maybe someone from Twitter will provide a more clear response regarding re-auth
of their own apps instead of an ambiguous answer. This could defuse some
developer concern and conspiracy theory conjecture.
Damon
On Thursday, May 19, 2011 at 5:22 PM, Frank Ash wrote:
> Cartmetrix, We don't know for sure what will happen. That's kinda the
> problem. My guess is we all prepare now by making our app request rwdm
> access, then when the switch takes effect any token that has been changed
> with this update will then need to be reauthorized. Not effecting us now, but
> when that change takes hold, I imagine all our tokens will be basically
> unauthorized because its an all new permission request, thus forcing each
> user to accept the new authorizations before they can use the app to
> communicate with the Api. Also I spoke unclear earlier about all apps
> failing. It will only be ones that use DM as a feature. Which is basically
> any client app. I just assume everyone here is effected by the DM permission
> change in some way, so I say all our apps. But little Twitter apps that just
> read and write won't be effected at all. Because Twitter isn't afraid of
> them, just client apps.
>
> Also there is no way Twitter will make themselves do the same thing. Lol that
> would be hilarious. They will in no way form or fashion make all their users
> go through this process. That would be something I would be fine with. If
> they want this change, let them do it also lol. But yeah, there is no way
> they would, because they know exactly what would happen.
>
> --
> Twitter developer documentation and resources: https://dev.twitter.com/doc
> API updates via Twitter: https://twitter.com/twitterapi
> Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> https://groups.google.com/forum/#!forum/twitter-development-talk
>
--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group:
https://groups.google.com/forum/#!forum/twitter-development-talk
