At one time, oauth/authenticate left users logged into twitter while oauth/authorize didn't.
As of today, oauth/authorize leaves users logged in. It's important to have an oauth method that does not leave users logged in, as discussed as part of http://code.google.com/p/twitter-api/issues/detail?id=1070 . How do we use oauth without leaving users logged in?