Hey all,
I thought in Oauth (1.0) that you were getting the request- and access- token and token secret, so in total 4 keys. Now I’ve been reading some more about Oauth and I came across this; http://wiki.oauth.net/w/page/12238555/Signed%20Callback%20URLs
Why is the token sent twice from the service provider in point 5? It’s already sent and set in a session/cookie alongside the request token secret.