aaronpk


aaron.pk
benw:

  • When you create an app, it should declare which permissions it actually requires to function (disabled, ticked checkbox) and which it desires by default (ticked checkbox.)
  • Everything not required is optional/user definable.
  • Permission to post a tweet is separate from other, private profile writing operations, since it’s so socially destructive.
  • Apps would never be allowed to require posting permission (if denied, they fall back to generating a URL the user can use to manually post through the Twitter website.)
  • I think this also makes the permissions/capabilities copy clearer. Bonus.

This is spot on, exactly how Twitter should behave. Interesting to note that the OAuth 2 spec has a mechanism in place for declaring and requesting “scopes” which would support exactly this.
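
A sketch of the permission model quoted above, expressed with OAuth 2 style scopes. This is an added example, not code from the post or from Twitter; the scope names, function names and the compose URL are assumptions made for illustration.

```python
from urllib.parse import urlencode

# Scope names are constructed for this example; they are not Twitter's real scopes.
NEVER_REQUIRED = {"tweet.post"}                   # posting can only ever be optional
COMPOSE_URL = "https://twitter.com/intent/tweet"  # assumed manual-post URL

def register_app(required, desired, optional=()):
    """Validate an app's declared scopes when it is created."""
    required, desired, optional = set(required), set(desired), set(optional)
    banned = required & NEVER_REQUIRED
    if banned:
        raise ValueError(f"scope may not be required: {sorted(banned)}")
    return {"required": required, "desired": desired - required,
            "optional": optional - desired - required}

def consent_form(app):
    """Map each declared scope to (ticked, disabled) for the consent screen."""
    form = {s: (False, False) for s in app["optional"]}
    form.update({s: (True, False) for s in app["desired"]})
    form.update({s: (True, True) for s in app["required"]})
    return form

def grant(app, ticked):
    """Scopes actually granted: required ones plus declared ones left ticked."""
    declared = app["required"] | app["desired"] | app["optional"]
    return app["required"] | (set(ticked) & declared)

def scope_param(granted):
    """OAuth 2 carries scopes as one space-delimited string."""
    return " ".join(sorted(granted))

def post_or_fallback(granted, text):
    """Post via the API if allowed, otherwise hand the user a compose URL."""
    if "tweet.post" in granted:
        return ("api", text)
    return ("url", COMPOSE_URL + "?" + urlencode({"text": text}))

if __name__ == "__main__":
    app = register_app({"profile.read"}, {"tweet.post", "dm.read"}, {"profile.write"})
    granted = grant(app, {"dm.read"})             # user unticked tweet.post
    print(scope_param(granted))
    print(post_or_fallback(granted, "hello world"))
```

The server, not the app, computes the granted set, so a scope the user unticked or the app never declared cannot end up in the token.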
