I've successfully managed to get an OAuth access token and am able to make requests on behalf of the user. I did, however, run into an interesting scenario early on when I made an accidental typo.
My initial page was: http://www.example.com where I made my request for a request token. My callback URL was: http://example.com where I made my request for an access token.
It seem to trip up my try(make request for access token)catch(display error message). I kept getting error message about a bad token request.
Any ideas?
'www.example.com' and 'example.com' are two different domains - the error was probably due to the callback url not being within the 'realm' of the original request. This is a security measure to make sure you cannot hijack a request and have the callback go to an evil domain.