I've been waiting a week for some response to a question. I just found that the question never was distributed. I'll try again.
I've made a little progress on my own, but not much. I feel like I'm beating my head against a wall, and I'm very frustrated. To recap: I have a prototype application which was based on the example on Abraham's web site. It works with an old version of twitterOAuth, and I'm trying to upgrade it to use version 0.2.0-beta2 (I gather that's the most current version), which I need to develop my prototype further. It doesn't work, and I don't know why. First, a word about terminology: there seems to be a lot of confusion about “key” versus “token.” The documentation I've read seems to distinguish the two, but doesn't use them consistently. I'm using “token” to denote the combination of a key and secret. Here's what I'm doing now: 1. Create a TwitterOAuth object with consumer key and consumer secret. 2. Call $oauth->requestToken($callback); save the resulting token for later use. 3. CAll $oath->getAuthorizeURL($request_token,false). 4. Link to the returned URL. 5. On return to the callback, create a TwitterOAuth object with consumer key, consumer secret, request key, and request secret. 6. call $oath->getAccessToken($verifier), where $verifier comes from the URL's parameter string. 7. Use the resulting access token to create a new TwitterOAuth object with consumer key, consumer secret, access key, and access secret. 8. Try to perform an operation. Everything seems to work well up to step 8, where I get back a response that says, “Could not authenticate you.” I'm baffled. It seems to me that either this thing works or it doesn't, and if it doesn't, there's no logical process for figuring out why. I noticed one odd thing which might be a clue. I understand that the "oauth_token" returned to the callback URL is supposed to the same as the request key passed to the oauth_token passed to the authorization URL (and thus, I assume, the request key in the request token passed to getAuthorizeURL. It ain't so. The value returned to the callback URL doesn't match anything else I recognize.