"From my testing, I am pretty sure authorize supports callback urls." It does, sorry if I wasn't clear on that.
So for your other question, yes, the new permission (for Read Write and Private Messages) will only be settable from the /authorize endpoint. Further up in the same thread: "You said you were restricting this permission to the OAuth /authorize web flow only. Will /oauth/authenticate (Sign in with Twitter) support the new permission?" The R/W/DM permission can only be granted through the /oauth/authorize route. Sign in with Twitter cannot be used to grant R/W/DM. We understand applications may use other methods of authentication like Sign in with Twitter as well. For this reason, if a user has authorised your application for R/W/DM and you direct them through Sign in with Twitter, we will respect the existing access token permission. This means you can use Sign in with Twitter after a user has authorized your application for R/W/DM. James On Mon, May 23, 2011 at 4:08 PM, Tyson Lowery <tysonlow...@gmail.com> wrote: > Ahhh, thanks that answers half my question. I did not see that from > Matt - they should split that thread into technical questions and > complaints, it got too hard to follow. > > From my testing, I am pretty sure authorize supports callback urls. > > Any idea about authenticate and private messages? Is this permission > not available in the authenticate flow by design, or is this a bug? > > . > On May 23, 3:01 pm, James Estes <james.es...@gmail.com> wrote: >> I believe the only difference is that the authenticate route could be >> used by only web based applications (ie they need to have a callback >> url) and allows for the force_login param. The authenticate can be >> used by either desktop or web apps, but do not support the >> force_login...but this may be changing soon. >> >> From themattharris earlier in the recent thread about the oauth >> permission change: >> >> "We support multiple accounts in our application, how do we force a >> login on the authorize flow?" >> Currently the only flow that supports the force_login parameter is / >> oauth/authenticate but adding it to /oauth/authorize flow is a good >> idea. We’ll begin working on this now and will let you know when it is >> released. >> >> >> >> >> >> >> >> On Mon, May 23, 2011 at 3:54 PM, Tyson Lowery <tysonlow...@gmail.com> wrote: >> > I can't seem to find the difference, does anyone know? >> >> > Previous to the new permission system I sent my users to >> >http://twitter.com/oauth/authenticate/ >> >> > But for some reason no matter what I do, it says at the bottom This >> > application will not be able to: >> > Access your private messages. >> >> > So I changed tohttp://twitter.com/oauth/authorize. That solved the >> > problem about accessing private messages. But I'd like to force the >> > user to re-log into twitter. I can't figure out a way to do that with >> > authorize. >> >> > I just need to solve one of these 2 problems. Any ideas? >> >> > Thanks, >> > Tyson >> >> > -- >> > Twitter developer documentation and resources:https://dev.twitter.com/doc >> > API updates via Twitter:https://twitter.com/twitterapi >> > Issues/Enhancements >> > Tracker:https://code.google.com/p/twitter-api/issues/list >> > Change your membership to this >> > group:https://groups.google.com/forum/#!forum/twitter-development-talk > > -- > Twitter developer documentation and resources: https://dev.twitter.com/doc > API updates via Twitter: https://twitter.com/twitterapi > Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > https://groups.google.com/forum/#!forum/twitter-development-talk > -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk