Facebook apps, which can ask for any set of permissions from a user at any time, can start by requesting some basic permissions and can request others later when the user's trust has been won. In contrast, Twitter apps are very inflexible. You must set what permissions you want and ask for them at the start, with no chance to change them.
If your Twitter app could work equally well with either read-only or write permissions, what do you do? If you ask for read permissions, part of your app won't work, and if you ask for write permissions then some users may be scared to give them to you and just abandon your app.
For ShowShift, I had this problem and I decided to try a different approach. I made 2 Twitter apps, one with read-only permissions and one with read and write permissions.
When the user signs up
The login link they first click is for the read-only app; then they are logged into the app and can use it at will. But they are prompted that if they let us have write permissions, they get more features.
The yes button takes them to Twitter to authorise the write app.
Behind the scenes
You may now have two sets of tokens for each user: one for the read-only app and one for the write app. Store them in separate columns in your user table and then use whichever is appropriate for what you're doing.
CREATE TABLE user_account (
    id BIGINT NOT NULL,
    ....
    read_only_oauth_token VARCHAR(250),
    read_only_oauth_secret VARCHAR(250),
    write_oauth_token VARCHAR(250),
    write_oauth_secret VARCHAR(250),
    PRIMARY KEY(id)
);
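One way to apply "use whichever is appropriate" is to give every API call the least-privileged token pair that can serve it. The sketch below is an added example, not ShowShift's code: it reuses the column names from the table above, while the in-memory SQLite database, the function names and the `WriteNotAuthorised` exception are assumptions made for illustration.

```python
import sqlite3

# Column names follow the page's user_account table; everything else
# (function names, exception, SQLite backend) is assumed for illustration.
SCHEMA = """
CREATE TABLE user_account (
    id BIGINT NOT NULL,
    read_only_oauth_token VARCHAR(250),
    read_only_oauth_secret VARCHAR(250),
    write_oauth_token VARCHAR(250),
    write_oauth_secret VARCHAR(250),
    PRIMARY KEY(id)
)
"""

# Fixed mapping from app name to column prefix, so no caller-supplied
# string is ever interpolated into SQL.
COLUMNS = {"read_only": "read_only_oauth", "write": "write_oauth"}

class WriteNotAuthorised(Exception):
    """The user has not authorised the read-and-write app yet."""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def save_tokens(conn, user_id, app, token, secret):
    """Store the token pair returned by the OAuth callback of one app."""
    prefix = COLUMNS[app]  # KeyError on anything but the two known apps
    conn.execute("INSERT OR IGNORE INTO user_account (id) VALUES (?)", (user_id,))
    conn.execute(
        f"UPDATE user_account SET {prefix}_token = ?, {prefix}_secret = ? WHERE id = ?",
        (token, secret, user_id),
    )

def tokens_for(conn, user_id, needs_write):
    """Return (app, token, secret) with the least privilege the call needs."""
    app = "write" if needs_write else "read_only"
    prefix = COLUMNS[app]
    row = conn.execute(
        f"SELECT {prefix}_token, {prefix}_secret FROM user_account WHERE id = ?",
        (user_id,),
    ).fetchone()
    if row is None or row[0] is None:
        if needs_write:
            raise WriteNotAuthorised(user_id)  # caller shows the upgrade prompt
        raise LookupError(f"user {user_id} has not logged in")
    return (app, row[0], row[1])
```

Read calls keep using the read-only pair even after the user has authorised the write app, so the write-capable tokens are only loaded for calls that need them.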
When the user returns
The login link they first click is for the read-only app; so the login and sign up link is the same. This is enough to authenticate them and let them into the app.
Is this worth it?
Is having two apps, and the fuss of having to ask the user for authorisation twice, too much? Is the proportion of users who are put off by your app asking for write permissions to start with so small that this added complication isn't worth it? For some apps, maybe.
However, the users of ShowShift are going to be quite geeky to start with because of what it does, so I thought I'd give it a go and see what happens. The challenge now is to tweak the user interface to make it easy to understand. Comments welcome!