Hi Matt / Twitter, We're not seeing the Direct Message permission setting ever take effect. In our application profile, it says that we're set to request read, write and DM, and we've saved this several times successfully. However, both the X-Access-Level header and the oauth/authorize page list that we don't have DM access (and for the former, on accounts for which we've re-authorized).
Aaron On Jun 13, 7:56 pm, Matt Harris <thematthar...@twitter.com> wrote: > Hey everyone, > > A number of updates were made to the Direct Message methods and OAuth > screens at the end of last week. Here's what went out: > > * force_login is now supported onhttps://api.twitter.com/oauth/authorize > * the OAuth screens now support a feature phone tier of handsets and render > them in a simpler format > * the language on all the screens is standardized to say "direct message" > * there is a "Return to App" URL on the Deny and Cancel screens that > redirects the user to the oauth_callback url with a 'denied' parameter > instead of oauth_token. > > This next parameter isn't needed by everybody but we will be adding > screen_name support to the authorize and authenticate pages in the next few > days. If you want to add this to your code ready for when we release the > feature you can, but please know the screen_name parameter will be ignored > unless you also provide the force_login parameter. The screen_name parameter > pre-fills the username field of the OAuth screen when force_login is true. > The user is still able to edit the field, even if it is prefilled. > > Lastly, these are the main points discussed in previous emails and Tweets: > * The new permission level will be enforced on 30th June. > * If you don't need to read or delete direct messages you do not need to > update the permission level of your application. > * Read/Write applications will still be able to send direct messages, even > after the enforcement date. > * Existing oauth_tokens will not be invalidated, even if the application > permission level is altered. > * You can find out the current permission level of an oauth_token by > inspecting the headers of an authenticated request to the API. Look for > the X-Access-Level header. > > Best, > @themattharris <https://twitter.com/intent/follow?screen_name=themattharris> > Developer Advocate, Twitter -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk