Unfortunately there isn’t a single URL which will accomplish what you want. You can get something close to this flow if you follow these steps:
1.) Use /oauth/authenticate in order to let users “sign in” to the app, which will result in a read/write only token the first time the user signs in.
2.) Once signed in, prompt the user to see whether they wish to enable DMs.
3.) If yes, redirect the user to /oauth/authorize. Once this flow is done, store the new read/write/DM token, and note that the user has enabled DMs in the app data store.
4.) Future “Sign in with Twitter” calls through /oauth/authenticate will return a read/write/DM token.
5.) Check the “enabled DMs” flag in the data store to see whether to prompt the user to upgrade the token, and for any branching logic that requires DM access to be present.
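
The branching described in steps 1 to 5, as an added example that is not part of the original post or any Twitter code. The `UserRecord` store, the function names, and the `api.twitter.com` host are assumptions, and obtaining the request token and exchanging it for an access token is assumed to be handled by an OAuth 1.0a library elsewhere. DM permission is only requested after the user opts in, so the stored token carries the lowest access level the user has agreed to.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

API_BASE = "https://api.twitter.com"  # assumption: the post gives only the paths


@dataclass
class UserRecord:
    """Hypothetical row in the app data store."""
    access_token: str = ""
    access_secret: str = ""
    dm_enabled: bool = False  # the "enabled DMs" flag noted in step 3


def _redirect(path, request_token):
    return f"{API_BASE}{path}?{urlencode({'oauth_token': request_token})}"


def sign_in_url(request_token):
    # Steps 1 and 4: every "Sign in with Twitter" goes through /oauth/authenticate.
    return _redirect("/oauth/authenticate", request_token)


def after_sign_in(record, token, secret):
    # Store whatever token the sign-in returned, then use the flag (step 5)
    # to decide whether the user still needs the DM prompt from step 2.
    record.access_token, record.access_secret = token, secret
    return "continue" if record.dm_enabled else "prompt_enable_dm"


def dm_upgrade_url(record, user_said_yes, request_token):
    # Step 3: only an explicit "yes" from a user without DM access triggers
    # the /oauth/authorize redirect; otherwise no wider token is requested.
    if record.dm_enabled or not user_said_yes:
        return None
    return _redirect("/oauth/authorize", request_token)


def after_upgrade(record, token, secret):
    # Step 3, second half: replace the token and record that DMs are enabled.
    record.access_token, record.access_secret = token, secret
    record.dm_enabled = True


def can_use_dm(record):
    # Step 5: gate every DM code path on the stored flag.
    return record.dm_enabled and bool(record.access_token)
```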