3

In Facebook API:

"When a user allows you to access their basic information in an auth dialog, you have access to their user id, name, ... To get access to any additional information about the user or their friends you need to ask for specific permissions from the user."

So basically Facebook allows for use of the API with restricted permissions by default, and then it specifically asks for all sorts of permissions you might use.

In Twitter, when the user is redirected to the Twitter popup on "account/verify_credentials", the popup shows: "This application will be able to:

Read Tweets from your timeline.
See who you follow, and follow new people.
Update your profile.
Post Tweets for you."

It is basically giving me permissions that I don't need right off the bat, and it might drive the user away from giving me such permissions (I wouldn't blame them).

Is there a way to get restricted permissions (such as user info, and that's about it) and thus show fewer items that the user is allowing me to do in the popup?

haknick
  • What do you need to gather about the user? You may not even need OAuth (in that case you can ask them just to enter their Twitter username). – Chamilyan Jan 03 '12 at 00:07
  • I need to know if this is a valid Twitter user, and that this indeed is the Twitter user since he authenticated. Basically use Twitter as an identity service so they don't have to go through my registration process. – haknick Jan 03 '12 at 01:34

1 Answer

5

Sign into https://dev.twitter.com/apps, select the application, and switch access to read only on the settings tab. This will remove the Update your profile and Post Tweets for you permissions. The first two permissions are always present with Twitter OAuth.

abraham
  • This is it. Totally forgot about the application page. Thanks. – haknick Jan 03 '12 at 01:37
  • @abraham Is this the only way? Is there no way of asking one or more of these permissions programmatically? – Dilip Raj Baral Jun 05 '16 at 04:09
  • @DilipRajBaral Twitter has three levels of permission: read, write, and direct_messages. Each level includes the permission of the levels to the left (e.g. write includes read). During [POST oauth/request_token](https://dev.twitter.com/oauth/reference/post/oauth/request_token) you can specify a lower level from the default for that specific authorization. – abraham Jun 05 '16 at 23:59
  • @abraham So, you are saying if the app is configured to allow only `read`, we cannot ask for `read-write` or higher? – Dilip Raj Baral Jun 06 '16 at 04:02
  • @abraham Also, could you look at this? http://stackoverflow.com/questions/37638911/how-to-check-if-an-app-has-an-access-to-direct-messages – Dilip Raj Baral Jun 06 '16 at 04:03
  • @DilipRajBaral As I understand the docs, you have to configure the docs at the highest level you want and downgrade during user auth. – abraham Jun 06 '16 at 19:36
  • @abraham Thanks. That helps. :) – Dilip Raj Baral Jun 06 '16 at 21:58
  • @abraham What do you think about this? http://stackoverflow.com/questions/37680969/twitter-rest-api-cannot-get-an-email – Dilip Raj Baral Jun 07 '16 at 13:53
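
The per-authorization downgrade mentioned in the comments above, as an added example that is not part of the original thread: it builds (but does not send) an OAuth 1.0a signed `POST oauth/request_token` call that asks for read-only access. The parameter name `x_auth_access_type` comes from Twitter's documentation for that endpoint, not from this page; the consumer key, secret and callback URL are constructed placeholders.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

REQUEST_TOKEN_URL = "https://api.twitter.com/oauth/request_token"

def pct(value):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    # Sort the encoded name/value pairs, join them, then encode the result once more.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base_string, consumer_secret, token_secret=""):
    # No token secret exists yet at the request_token step, so the key ends in "&".
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def build_request_token_call(consumer_key, consumer_secret, callback,
                             access_type="read", nonce=None, timestamp=None):
    # Values Twitter documented for this parameter; it lowers the requested
    # level for this one authorization and cannot exceed the app's setting.
    if access_type not in ("read", "write"):
        raise ValueError("x_auth_access_type must be 'read' or 'write'")
    oauth = {
        "oauth_callback": callback,
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    body = {"x_auth_access_type": access_type}
    # The body parameter is signed too, so changing it invalidates the signature.
    base = signature_base_string("POST", REQUEST_TOKEN_URL, {**oauth, **body})
    oauth["oauth_signature"] = sign(base, consumer_secret)
    header = "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return {"url": REQUEST_TOKEN_URL, "headers": {"Authorization": header},
            "data": body, "base_string": base}

if __name__ == "__main__":
    # Constructed credentials and callback, for illustration only.
    call = build_request_token_call("constructed-key", "constructed-secret",
                                    "https://example.com/callback")
    print(call["headers"]["Authorization"])
    print(call["data"])
```

The returned `url`, `headers` and `data` can be passed to any HTTP client as a form-encoded POST.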