Inconsistency with app settings and permissions presented to users


I seem to be having some inconsistency issues between my app settings and the authorization page presented to my users.

Worked fine previously, but sometime in the last couple hours I started getting errors in my app that I was not allowed to check DMs on behlf of the users, (though I am able to send for them, unsure if that is expected functionality).

App settings (for 140Quick) are for access to DMs, token and secret within app are consistent with those shown on

Possible bug?


You’re correct that the sending of DMs is a totally different permission than reading them (it’s included in the write permissions).

Is it possible you’re using oauth/authenticate instead of oauth/authorize on the authorization step? oauth/authenticate will not yield RW+DM permissions, while oauth/authorize will. If not, are there any parameters you may be sending to oauth/request_token that specifically request a rw-only permission level?


That is exactly what it was.

Devise with omniauth-twitter, discussion and patch here for anyone else who comes across this post looking for a solution.