Hey all,

I thought in Oauth (1.0) that you were getting the request- and access- token and token secret, so in total 4 keys. Now I've been reading some more about Oauth and I came across this; http://wiki.oauth.net/w/page/1223855...allback%20URLs

Why is the token sent twice from the service provider in point 5? It's already sent and set in a session/cookie alongside the request token secret.