Upgrading read-only tokens?


#1

We have an app that currently only requires read-only access to Twitter, but which will need to allow users to post going forward. For new users, that shouldn’t be a problem, but for any folks who already have an access token, is there any straightforward way to upgrade them?

It appears right now that we’ll need to do something like this:

  1. Send some request to the API,
  2. Inspect the response headers for X-Access-Level, and if it’s read,
  3. Log the user out, and then
  4. Ask them to log back in.

Is that accurate?


#2

Yes, that’s basically what you’ll need to do. An alternative method would be to invalidate / discard all of the tokens your app stored prior to the change in permissions, which would cause the user to need to login again to adopt the new permissions.


#3

An alternative method would be to invalidate / discard all of the tokens your app stored

Just for context: I’d originally posted this in the TwitterKit forum, and the question was meant to reflect that a) the change to our Twitter app and the change to the executable app on the user’s device couldn’t necessarily be coordinated, and b) much of the token management is done by the TwitterKit code.

So the shortcut I was kind of hoping for was as a part of TwitterKit, rather than the OAuth process in general.