[rodp]

Thanks!

The app lets users send tweets or DMs and I didn’t find an obvious way to narrow the required permissions down to just that. But a few people have now pointed this issue out and I think I will just remove that functionality and require only read permissions.

[ddevault]

You can also send users back through the oauth flow to up their permissions the first time they try to use the feature.

[rodp]

Thanks for the tip. If I end up keeping that feature, that seems to be a smart way to go about it. Due to time constraints, I was trying to keep it simple. Perhaps too simple.