Unfortunately the way that Twitter's OAuth works, at least when I dove into it a few months ago, is that if you ever want to send out a Tweet on anyone's behalf (for totally legitimate reasons, with user permission etc), you have to request write permission from everyone. And whatever choice you make now, you're basically stuck with, for a variety of reasons. This is why the vast majority of apps decide to ask for both read and write access even if they don't need/want it right away.

You don't have to ask for it from everyone, you just have to know at auth time. If you don't know, I agree, it's a hassle...

write permission is set at an app level, not a per-user level... so asking at auth time is already to late to know.

Nope, you can do it when redirecting the user to the OAuth provider:

http://blog.stochastictechnologies.com/gaining-read-only-acc...

Nice! How does that handle upgrading the permissions later? That was one of the big problems I ran into before: that we requested read access and then to get write access we had to have users first revoke permissions and then grant them again (a nonstarter.)

I'm not sure, unfortunately, but I assume that if you log the user in and out, requesting read-write permission the second time, it will ask.

Thanks!

yes, we're behind push.ly. We need write access to send a tweet out if you decide to upgrade from the default level of following 3 people to 30 people. but we never tweet on your behalf without your express permission.