Thank you, but I believe that is what I am currently doing. I have one app, owned by the @iembot user. This app presents a HTTPS configuration page, of which my x00s bots visit (I do this manually) to configure which messages the app should post on their behalf. That webpage then saves their oauth tokens to a database to use to then post to twitter API on their behalf. I don’t have one app per user. If I understand what you are describing.
