Tokens being overwritten



We are trying to dynamically change permissions based on workflow instead of asking for blanket permission for everyone to everything.
So we tried using combination of x_auth_access_type + Authorize endpoint and we are able to switch between the different levels when the user needs a different permission.
However, when mixed with the “Sign in with Twitter” workflow, which uses “Authenticate” end point we run into problems.
The Authenticate end point works well when the user has authorized us for read or write permission, the workflow will authenticate the user and gives us the same permission as before (or higher if requested, e.g. converting the user from read to write)

But if the user has authorized DM permission, we cannot use the authenticate workflow with x_auth_access_type set to “write”, it will downgrade the permission as opposed to keep the old one.

Any ideas how to solve this?


This only happens between DM and write permissions, if the user has authorized the app for write permission and call the authenticate workflow with read only permission, the authorization with write permission remains intact (as expected)
Any idea how to overcome this without asking everyone for DM permission?


Hey @andypiper can you please help?
Running out of options here, don’t know how to prevent the tokens from being overwritten when invoking sign in with twitter workflow?