Fine grained control over permissions requested through Fabric

oauth

#1

Currently when someone is prompted to sign in via Fabric, they are shown the following screen:

Where do the 4 permissions under “This application will be able to:” come from? I only want to post tweets from my app - not read tweets, see who you follow, or update profile. How can I specify the only permission to be “Post tweets for you”? I see in the Fabric console I can set the access level as read only or read+write, but that isn’t very fine grained control over what permissions are shown as needed.

P.S. this is an Android app.


#2

Our OAuth model provides three options:

  • Read-only (read Tweets, also including seeing who you follow)
  • Read/write (read, post Tweets, read/update profile) <- this is the one you need
  • Read/write with DM access (as above, with access to read and post DMs)

Unfortunately we don’t offer anything more granular than this at this time, so you’ve selected the correct option. You could of course add information in your app screens to clarify that you will only use the ability to post Tweets.


#3