Hi kosso,
Thanks for asking this question. If you go through the OAuth flow now you will notice that we have updated the text to better clarify what information applications will or will not have access to during this permission model transition period.
We've also released the other requested updates to the OAuth flow. There are:
* standardized the language on the screens and API responses to 'direct message' to better relate to the functionality and the API paths it's connected to.
* added support for the force_login parameter to the /authorize flow.
* added a link/button on the cancel page that calls the application callback with a denied parameter. This allows users who are in the web view to get back to your application without completing the authorization process.
* improved the OAuth screens on phones unable to support the new ones.
As a reminder, the enforcement date for the new permission is the 30th June. On this date all R/W tokens will lose the ability to read and delete direct messages.
Applications requiring DM access are encouraged to transition the requested permission level setting of their applications prior to the cut off date.
If you do not need to read or delete direct messages you do not need to update your application.
Updates and the FAQ for the new permission model can be found on our developer resources site:
and
Best,