Why request the kitchen sink on startup? For example, if I have an app that posts on my wall when I perform certain actions inside the app, why not check and ask for that permission at that point? As a user the cause-effect will be clear since I've just performed an action that requires post.
The only benefit I see of the all-at-startup solution is that it provides one single "interruption" to the user. But the list of things an app might do can be large, even though it only may need to do some of them rarely. So if I see a big long scary list I'm more likely to just cancel out.
oauth2 permissions are not agile at all. there is no 'one time token' for some action or 'allow it for 1 day only'. If you allowed 'wall' - it's forever.
Yes, but at the first point where the user performed an action relevant to their desires, you have requested the associated permission. The connection is clear in their mind and the app's request for that permission makes sense.
The only benefit I see of the all-at-startup solution is that it provides one single "interruption" to the user. But the list of things an app might do can be large, even though it only may need to do some of them rarely. So if I see a big long scary list I'm more likely to just cancel out.