Describe the bug

In the docs for the DM list API: https://developer.twitter.com/en/docs/twitter-api/v1/direct-messages/sending-and-receiving/api-reference/list-events

The twurl example given is: twurl -X GET /1.1/direct_messages/events/list.json

When I run this I get {"errors":[{"code":93,"message":"This application is not allowed to access or delete your direct messages."}]}%

To Reproduce
Steps to reproduce the behavior:

1. twurl authorize --consumer-key <snip> --consumer-secret <snip>
2. Go to the given URL. Notice that no DM permissions are requested.
3. Authorise the app + Copy the pin. See message "Authorization successful" in console.
4. twurl -X GET /1.1/direct_messages/events/list.json (directly copied from documentation)

Expected behavior

A successful response. For example (from the docs):

{
  "next_cursor": "AB345dkfC",
  "events": [
    { "id": "110", "created_timestamp": "5300", ... },
    { "id": "109", "created_timestamp": "5200", ... },
    { "id": "108", "created_timestamp": "5200", ... },
    { "id": "107", "created_timestamp": "5200", ... },
    { "id": "106", "created_timestamp": "5100", ... },
    { "id": "105", "created_timestamp": "5100", ... },
    ...
  ]
}

Actual behavior

{"errors":[{"code":93,"message":"This application is not allowed to access or delete your direct messages."}]}%

Screenshots

Auth UI:

Desktop (please complete the following information):

• OS: MacOS
• Browser Vivaldi (based on Chromium)
• Version 3.7.2218.45 (Stable channel) (x86_64)

Oops, this was my mistake! I thought twurl was defining the permissions requested but they're actually coming from the application defined in the developer portal. You need to edit the permission of the app to be "Read, Write, and Direct Messages", and then re-authorize and you'll get the correct permissions. Closing :)