So, you’ve signed in to an application using Twitter OAuth. Now what? With read and write access, an application can:
- Unfollow all of the people you are following
- Follow any number of Twitter users
- Block any number of Twitter users
- Favourite any number of tweets
- Send a Direct Message to everyone you are following, multiple times
- Send a tweet, multiple times
- Change your Twitter background, profile data, colours, etc.
- Follow, and unfollow, any number of lists
- Create, delete, and edit your lists

Basically, allowing access via OAuth lets application developers do a lot of things with your account. However, because they don’t have your password, you can revoke the application’s connection via the appropriate settings to stop any further misuse of your account. Unlike a password you give to an application (which they could easily store, and then change), an access token created by OAuth can be revoked, and once it is, the pesky developer will have no further access to your account details. Of course, that doesn’t help if the damage has already been done.

Be wary of applications that request read and write access, particularly ones that just read tweets. Anything that involves sending, updating, or deleting will require read and write access. I could tell you about accessor and mutator methods, but I won’t.