Ah, ok. The header allows you to make one (1) call to Twitter, usually
the verify_credentials.json page. This allows you to verify that the
user has a Twitter account (and even get some information about the
user), but it will not allow you to send messages etc.
OAuth Echo is nothing more than a
Hey Tom,
I think I am falling into this pitfall myself. I don't have the users
information only the information that the iPhone twitter app sends me
for posting an image on a custom end point. With that header
information they send should be enough to send back to twitter to get
the user
