I was also hit by this bug, changing my app’s permissions from Read/Write down to Read. Afterwards any users who were previously logged in were unable to get past the authorization screen. Pressing the “Sign In” button didn’t do anything.
You can fix it per-user by going into the user’s settings in twitter.com, then into Apps, then revoking permissions to the app. Afterwards authenticate will work as expected (prompting just the first time).
I also tried regenerating the API keys… I can confirm this DOESN’T work so don’t try it to solve the problem.
The only thing that works for sure is using /authorize instead. Since you don’t know ahead of time if a user has one of the bad old tokens or not, you have to force all users through /authorize. That is a really lame situation 
Too bad this bug is still around, it’s inside a post from twitter to itself and therefore not something that we API users can debug.
