OAuth2 Login only scope #26
Description
Hi there.
Short: Asking for twitter OAuth2 api to provide a log-in/authentication scope only.
Long: Twitter is an awesome network of people (and other entities). I'm trying to build a cool new service providing special functionalities only to twitter users. And to do that, I tried to rely on Twitter's OAuth2 APIs to authenticate the twitter users using the new proposed service. For now, my service doesn't require any privileges from the twitter authenticated user other than to just recognize the twitter user in my system. I tried looking for a minimal login only scope for authentication but couldn't find any. The closest that I found for this was the users.read or offline.access. These are minimal, but the consent notification presented to the twitter users is still somewhat cryptic and probably discourage users from continuing with the authentication flow.
For example:
'offline.access' msg: "Stay connected to your account until you revoke access."
'users.read' msg: "Any account you can view, including protected accounts."
Google and Github as examples provide identity scope only authentication model. Can twitter API provide similar functionality?
Thanks