Connected Accounts: Login with twitter asks for too many permissions

colcar

When a user clicks the button to "Log In With Twitter" they are confronted with these outrageous permission requests:

[Image: screenshot-621.jpg]

It's far too much to ask a user for, and I doubt any user in their right mind would give those permissions just to use my forum.

Why does Twitter ask for all of that? All I need is the email address.

I know this isn't a XenForo problem, but I've tried to wade through Twitter's documentation and got nowhere, and they don't seem to have any support to talk to, so I'm hoping someone has experienced this already and can offer advice.

Is there a setting somewhere in Twitter's API where I can just ask users for their email address and not all that other stuff I don't need?
 
Thanks to whoever moved my post to a section of the forum where I'm unlikely to get any response from anyone.
This is the correct section for your question.. ;)
Twitter has 3 permission models for the apps.
There are three levels of permission available:
  1. Read only
  2. Read and write
  3. Read, write and access Direct Messages
Quote: https://developer.twitter.com/en/docs/apps/app-permissions
 
XenForo doesn't ask for any specific permissions; that's just what Twitter gives with "read only", which is the lowest that can be selected. If someone thinks it's too much they can sign up normally with an email and password, can't they? XenForo doesn't even store or use the access token after it's requested initially.
 
I know this isn't a XenForo problem, that's why I said in my OP "I know this isn't a XenForo problem".

I was hoping someone had seen this problem before and could offer advice on what settings to change in the Twitter API because I can't find any settings that will help this.

Yes, of course people can sign up with an email and password. The point of signing up with a social account is that it's supposed to be a nice and easy way to do this, but people would be much more likely to be scared away once they see how many permissions are being asked for.
 
You can't set finer-grained permissions in Twitter than the 3 options it gives you. It will always provide access to that data, that can't be changed in any way, and because of that it will always show that message. Twitter's APIs aren't scoped beyond read, read/write, and read/write + DMs. It's just a limitation of Twitter's implementation; it's not like Facebook, where you can specify granular data to give access to.
 
Ok thanks for that.
 