This is where my confusion stemmed from.

I'm not sure I was aware of the fact there were 2 OAuth login flows,
"web flow" versus "sign in with Twitter".

As soon as I flipped the boolean in my PHP include for OAuth to set
sign_in_with_twitter = FALSE, so that it would use /authorize instead
of /authenticate (sign in with twitter), I then saw the correct
permissions on the login page.

I'm not sure this is obvious to many devs (it wasn't to me), that
there was a difference.  I just happened to use / assume "sign in with
twitter" was the only web based login available after the
implementation of OAuth.

What are the implications / reasons for using one method over the
other?  They seem to essentially do the same exact thing / accomplish
the same exact goal.

On May 19, 3:17 pm, themattharris <> wrote:

> The permission level for your application can be edited 
> on When the website is busy, it can take a
> little bit longer for changes to your application to be reflected.
> > Is using a web view against the Terms of Service (TOS)?
> Using an in-app web view to show the OAuth pages is not against our
> TOS. However, we encourage developers to use the built-in browser
> where appropriate.
> > You said you were restricting this permission to the OAuth /authorize web 
> > flow only. Will /oauth/authenticate (Sign in with Twitter) support the new 
> > permission?
> The R/W/DM permission can only be granted through the /oauth/authorize
> route. Sign in with Twitter cannot be used to grant R/W/DM.
> We understand applications may use other methods of authentication
> like Sign in with Twitter as well. For this reason, if a user has
> authorised your application for R/W/DM and you direct them through
> Sign in with Twitter, we will respect the existing access token
> permission. This means you can use Sign in with Twitter after a user
> has authorized your application for R/W/DM.

Twitter developer documentation and resources:
API updates via Twitter:
Issues/Enhancements Tracker:
Change your membership to this group:!forum/twitter-development-talk

Reply via email to