Does Twitter Oauth allow a user to authorize a consumer for a long period of time?
For example, if a user uses a consumer app that generates status updates automatically, can the user authorize that consumer once and then let it send status updates for the following 12 months?
Yes. When the user presses the "Allow" button, the 3rd party app gets an access token that has an indefinite expiration time. Currently tokens are valid until the user revokes them.
http://apiwiki.twitter.com/OAuth-FAQ#Howlongdoesanaccesstokenlast
When a user Allows your application they are returned to you with the original request tokens. These have a limited window before expire to avoid brute-forcing. Those request tokens can be exchanged for access tokens which currently do not expire.
Users can revoke the access tokens at anytime though.