Hi! We're doing that to allow you to update your profile from within the app. Not doing anything else besides that. If you have concerns, take a look at the source code: https://github.com/colibri-social/colibri.social

▲

czbond 2 days ago | parent | next [-]

Very interesting project.

From a product uptake perspective, I could suggest that since a user is still building trust when they begin use - to only require as few permissions as needed. I'd punt that profile update requirement out personally for another method later.

An example might be when a user has used your app for N sessions, or after N months.

▲

iamnothere 2 days ago | parent [-]

They should prompt the user for permission when they use a feature that requires it, explain why, and allow them to cancel if desired. Have seen this pattern used many times elsewhere.

	▲	louisescher 2 days ago \| parent [-]
		Good idea, will implement that! Maybe a button or something to refresh your permissions when/if you want to edit your profile via Colibri makes sense.

▲

verdverm a day ago | parent | prev [-]

If that's all you are doing, then narrow the permission set for oauth. No need to have access to posts if you aren't touching them.