1
votes

It appears as though the Twitter API doesn't automatically route an OAuth authentication request back through the authorization process if the user's existing authorization of the app doesn't match up to the required access level. For example, let's say an app has changed from "Read, Write" to "Read, Write, Direct Messages", but the user only authenticated for "Read, Write".

Would you simply clear all existing OAuth tokens in the DB, thus requiring all users to re-authorize the application - or is there a way to check whether an OAuth record matches up to the required access level and, if not, to route the user back through the authorization process?

1
Wow - so this has been broken for well over a year. I've yet to determine any way of moving from a read app to a read/write app that hangs together. - Philip Pearl

1 Answer

0
votes

A thread on the Twitter Developers forum (https://dev.twitter.com/discussions/1253) suggests the /authorize URL (leading to the authorization process) has to be used in order to authorize a Read, Write, DM permission for the first time (which overwrites any previous permission level). Once the app has been authorized, the /authenticate method can be used from then on - although I haven't found any info on how to determine whether a user has previously authorized an app prior to redirecting to either /authorize or /authenticate.
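One way to make the routing decision discussed in the question and answer above, as an added example that is not part of the original posts. It assumes the API reports the stored token's granted level in an `x-access-level` response header (as Twitter's REST API v1.1 did on authenticated calls); the function names, sample headers and request-token value are constructed for illustration.

```python
from urllib.parse import urlencode

# Access levels ordered from least to most privileged, as reported in the
# x-access-level response header (assumption: REST API v1.1 behaviour).
LEVELS = ["read", "read-write", "read-write-directmessages"]

AUTHORIZE_URL = "https://api.twitter.com/oauth/authorize"
AUTHENTICATE_URL = "https://api.twitter.com/oauth/authenticate"


def granted_level(headers):
    """Return the level named in the response headers, or None if absent/unknown."""
    for name, value in (headers or {}).items():
        if name.lower() == "x-access-level":  # header names are case-insensitive
            level = value.strip().lower()
            return level if level in LEVELS else None
    return None


def needs_reauthorization(headers, required):
    """True when the stored token grants less than `required`."""
    if required not in LEVELS:
        raise ValueError("unknown required level: %r" % required)
    level = granted_level(headers)
    if level is None:
        # No stored token, or a response without the header: fail closed and
        # send the user through the full authorization screen.
        return True
    return LEVELS.index(level) < LEVELS.index(required)


def sign_in_url(headers, required, request_token):
    """Pick /authorize for an upgrade, /authenticate when the grant suffices."""
    base = AUTHORIZE_URL if needs_reauthorization(headers, required) else AUTHENTICATE_URL
    return base + "?" + urlencode({"oauth_token": request_token})


if __name__ == "__main__":
    # Constructed headers, as if returned by a call made with the stored token.
    stored = {"X-Access-Level": "read-write", "Content-Type": "application/json"}
    print(sign_in_url(stored, "read-write-directmessages", "REQUEST_TOKEN_PLACEHOLDER"))
    print(sign_in_url(stored, "read-write", "REQUEST_TOKEN_PLACEHOLDER"))
```

Checking the level per user this way avoids clearing every stored token when the app's permission level changes; only users whose grant is too low are sent back through /authorize.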