Twitter Authorization Scope

Open Larke12 opened this issue 3 years ago • 1 comments

When connecting to Twitter, a list of abilities for the requested scope is shown:

image

Would it be possible to limit the access required? Or are all/some of these required to be able to operate as intended? At the moment, it looks like the primary operation only requires posting tweets to the account.

Larke12 avatar Aug 17 '22 17:08 Larke12

Hi, this is because we are still using APIv1 which only has three scopes: read, write (which is what it's set to), and write including direct messages.
While APIv2 has some more granular scopes, we haven't really gotten around to migrating to it, especially since it requires developers to apply for it (perhaps even pay for it, I don't know), and the current OAuth application is still bound to my private Twitter account that I haven't touched in years.

That being said, it is definitely something that will be looked into in the future. We get asked about this quite a lot.

@raccube @pixeldesu one idea that I just got: maybe we can create a completely new OAuth app on Twitter that's not bound to any personal account, and only create new connections using it? I think the current services set-up works fine here: the Services::Twitter service could then be renamed to e.g. Services::TwitterLegacy and co-exist with the one that uses the new OAuth app. Should we need to vendor a gem because e.g. some class names overlap we can try out Automatiek (also used by Bundler).

nilsding avatar Aug 17 '22 17:08 nilsding

Good thing we didn't invest any time into this.

Twitter is killing free API access in a week, so we're focusing on #1041 instead.

pixeldesu avatar Feb 02 '23 07:02 pixeldesu