Reauth necessary for lowering app permissions?

NOIZgg · 2020-11-24T23:16:21.864Z

Hello All,

I caught one other post regarding this, but I just want to triple check. We’re currently read/write, but have been getting complaints from our users regarding the auth scope, so we’re considering lowering permissions to read only. Can I get a quick confirmation that we won’t have to reauth everyone in our app if we decrease permissions?

thanks!

IgorBrigadir · 2020-11-25T12:02:22.710Z

As far as i remember, tokens retain their permissions - so if you change to read only the new tokens you get will be read only but the old ones will remain read & write until revoked and re-created. (i don’t think tokens expire after you change app permissions but i’d wait for someone from twitter to confirm, i’m only going by an old memory of doing the same thing)

andypiper · 2020-11-25T12:19:36.994Z

Yes, this is correct. Technically, in order for your existing users to be assured that you only have access to read permissions for their account, they would need to re-authorize. Any tokens you retain from before the permissions change, would keep the permissions that they had at the time of authorization. Any new user sign-ups would only see the read-only permissions and only grant you those permissions with a sign-in.

system · 2020-12-09T12:19:37.816Z

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.