Possible to restrict OAuth permissions?
I like that you say you won't send Twitter messages without my direct approval, but in that case wouldn't it be enough to just access, rather than access and update with the OAuth permissions?
Your FAQ: "We take you to twitter, propose a message, and then you can do what you want with it..." seems spot on, but that's just a link to ...?status=... on Twitter and needs no OAuth permissions.
Naturally, I'm quite a fan of the principle of least privilege.
The company marked this question as answered.
-
We're likely to add the option to update Twitter via OAuth later, so we've requested update permissions now.
We might also add options to favourite things in Twitter, or follow people on Twitter that you found on amplus.
The company says this answers the question.
-
Since I re-auth most every time I return to the site, can you not keep the minimal permissions until you're really going to use them? When it does change, you could just (one-time) log people out who haven't given you so much power. Since I think I'd never want automated posting, I'd probably not use the service if you forced the choice.
I've seen a rash of little quizzes lately that post as the user, via OAuth or password; often enough the user is surprised by this. I happen to trust you not to post as me without saying so clearly, but right now there's a mismatch between your FAQ ('only when you ask us to') and the permissions you request. You're trustworthy, but you might look similar to some of the less trustworthy folk to a random person.
-
Sorry, but we won't be doing this.
Changing permissions mid-flow seems like a lot of trouble for little gain. Also, I don't see the mismatch. "Only when you ask us to" means just that - when we start posting for users we'll always ask them first.
The company says this answers the question.
-
Your choice, obviously.
Right now there's just no explanation on the amplus site saying why you are asking for posting permissions. That naturally makes me nervous when you do.