Downgrading application permissions -- does it change auth keys?


When I created my application (a tweeting tool), I set the permissions level to the “Read, write, and access direct messages,” thinking I might add DM functionality at some point. I’ve had some complaints from users saying they don’t want to give DM access, and so I’m considering downgrading the permissions to just “Read & write.”

Will this change my application’s auth keys (consumer or secret) or invalidate any existing access tokens for my users?

My concern is really just that I don’t want to invalidate my existing users’ logins (these users weren’t sending DMs yet, so I’m not expecting their user experience to change at all).

Thanks for any help!


It should not invalidate any existing keys. Those existing keys will actually remain at the permission level they were originally authorized at and the users will have to revoke them manually to get rid of the DM permission.


Great, thanks for the quick answer!