Ok, I just went through the following exercise: 1. changed app permissions to R/W/DM 2. reset oauth tokens and updated my app 3. reverted app permissions to R/W
And BOOM. Can't access my own apps DMs even with new token perms. So, I guess I need to have ALL of our customers approve our app to read their DMs solely so I can read my own!! I also need to have them use the Authorize flow rather than Sign in. Can anything be done to help me out here? To me it's obvious that customers should not have to authorize their accounts just to give my app permission to read it's own DMs. This is a huge downer. On Jun 30, 12:27 pm, Chris Teso <christ...@gmail.com> wrote: > Arnaud & Taylor, > > Thanks for the response. I must say that I'm confused as to why the > decision was made to block ones own app from reading their own DMs? > Can you elaborate on the logic behind this decision? > > It seems logical that I would not have to re-authorize my own app > tokens to view my own DMs. Further, I do not want to change my apps > permission levels to do so. This effects ALL of our customers solely > so I can read my own apps DMs! If I follow Taylors suggested new token > request, can I then revert my apps permissions and still access my > apps own dms? ie: I DEFINITELY do not want to keep my app permissions > set to R/W/DM when I don't need to access any customer DM data. > > Thanks, > Chris > > On Jun 30, 12:17 pm, Taylor Singletary <taylorsinglet...@twitter.com> > wrote: > > > > > > > > > Additionally, newly generated tokens with the "My Access Token" feature on > > dev.twitter.com will now return an access token at the same level of access > > your application requests. > > > If you used "My Access Token" to generate your token in the past, you'll > > want to first go tohttp://twitter.com/settings/applicationstorevoke your > > access token's permissions and then go back to dev.twitter.com's My Access > > Token feature to re-negotiate an upgraded token. > > > Any token that transitions from one state to another will have the string > > representation of the access token and secret changed: If a token goes from > > RO to RW, the strings will change. If a token goes from RW to RWD, the > > strings will change. If a user revokes a token and you then renegotiate the > > token, even if the permission level didn't change, the strings will change. > > > Thanks, > > @episod <http://twitter.com/intent/user?screen_name=episod> - Taylor > > Singletary > > > On Thu, Jun 30, 2011 at 12:11 PM, Arnaud Meunier <arn...@twitter.com> wrote: > > > Hey Chris, > > > > The new permission model applies to all access tokens, including the > > > application owner's one. You have to reauthorize your existing > > > access_token > > > through the OAuth Flow, just like any other user. > > > > Arnaud / @rno <http://twitter.com/rno> > > > > On Thu, Jun 30, 2011 at 11:56 AM, Chris Teso <christ...@gmail.com> wrote: > > > >> I assumed that the new permissions would not apply to an app reading > > >> it's own DMs. ie: When authenticating with an apps own token and > > >> secret /1/direct_messages.{format} should not enforce the R/W/DM > > >> policy. > > > >> Appears this is not the case? > > > >> On Jun 30, 11:39 am, Arnaud Meunier <arn...@twitter.com> wrote: > > >> > Hey Developers, > > > >> > As planned, the new three-tier permission model is now officially in > > >> effect. > > >> > Please remember that you don't have to make any changes if your > > >> application > > >> > or service doesn't need to read or delete Direct Messages. > > > >> > Key points: > > >> > - Existing oauth_tokens have not (and will not) be invalidated, even if > > >> you > > >> > update your application permission level. > > >> > - Read/Write and Read tokens are now unable to read and delete Direct > > >> > Messages. If you wish to read or delete a user's Direct Messages, you > > >> need > > >> > to update your application and have your existing access tokens > > >> reauthorized > > >> > through the OAuth authorize web flow. > > >> > - All authenticated API requests return an "X-Access-Level" header, so > > >> you > > >> > can find out the current permission level of the access token you're > > >> using > > >> > (read, read-write, or read-write-directmessages). > > > >> > For more information, be sure to take a look on: > > >> > - The Application Permission Model documentation page: > > >>http://t.co/elH0KY4 > > >> > - The Application Permission Model FAQ:http://t.co/1Wliqg4 > > > >> > Thanks again for working with us on this new permission level, > > >> > Arnaud / @rno > > > >> -- > > >> Twitter developer documentation and resources: > > >>https://dev.twitter.com/doc > > >> API updates via Twitter:https://twitter.com/twitterapi > > >> Issues/Enhancements Tracker: > > >>https://code.google.com/p/twitter-api/issues/list > > >> Change your membership to this group: > > >>https://groups.google.com/forum/#!forum/twitter-development-talk > > > > -- > > > Twitter developer documentation and resources:https://dev.twitter.com/doc > > > API updates via Twitter:https://twitter.com/twitterapi > > > Issues/Enhancements Tracker: > > >https://code.google.com/p/twitter-api/issues/list > > > Change your membership to this group: > > >https://groups.google.com/forum/#!forum/twitter-development-talk -- Twitter developer documentation and resources: https://dev.twitter.com/doc API updates via Twitter: https://twitter.com/twitterapi Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
