On Wed, May 18, 2011 at 12:50:30PM -0700, Derek Gathright wrote:
> I agree with Scott. A token should simply be a bond between the user
> and the app, it should not contain any knowledge of
> permissions/restrictions. A token simply represents "Hi, I'm making a
> call on behalf of Joe User. Attached is the request I want to make.
> Make sure I'm allowed to do this before you execute it."
> Forcing re-authentication whenever permissions change is a major pain
> for both developers and users. Removing permission-based tokens
> benefits the user because they can modify the access an application has
> without having to re-authenticate, something 99% of users will not
> understand.

+1

--
Martin Dapas

--
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: https://groups.google.com/forum/#!forum/twitter-development-talk
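
The design argued for in the quoted message, sketched as an added example that is not part of the original thread and not Twitter's code: an opaque token binds a user to an app, and permissions are looked up server-side on every request. The store names, function names and permission strings are assumptions made for illustration.

```python
import secrets

# Hypothetical in-memory stores (assumptions for illustration only).
TOKENS = {}  # opaque token -> (user, app) binding
GRANTS = {}  # (user, app) -> permissions the user currently allows

def issue_token(user, app):
    """Bind a user to an app. The token carries no permission data."""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = (user, app)
    GRANTS.setdefault((user, app), set())
    return token

def set_grants(user, app, permissions):
    """The user edits what the app may do; no token is reissued."""
    GRANTS[(user, app)] = set(permissions)

def revoke_token(token):
    """Break the user/app bond entirely."""
    TOKENS.pop(token, None)

def authorize(token, action):
    """Check the request against current grants before executing it."""
    binding = TOKENS.get(token)
    if binding is None:
        return False  # unknown or revoked token: deny by default
    return action in GRANTS.get(binding, set())

def demo():
    """Constructed scenario: the user narrows access while the token stays valid."""
    token = issue_token("joe", "example-app")
    set_grants("joe", "example-app", {"read", "write"})
    before = authorize(token, "write")
    set_grants("joe", "example-app", {"read"})  # user removes write access
    after = authorize(token, "write")           # same token, now denied
    still_read = authorize(token, "read")       # no re-authentication needed
    revoke_token(token)
    revoked = authorize(token, "read")
    return before, after, still_read, revoked

if __name__ == "__main__":
    print(demo())
```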