Ok, I've dug into some basics of OAuth and also the code of Tweet#. After authorization, I'm armed with my user record and a map of it to an OAuth token (A) and secret (T1). Now, weeks later, the user returns to my site with no cookies (let's say). So I show them the Twitter sign-in button. They click it. My server calls RequestToken from Twitter and gets a token (and a secret?). It sends them to Twitter, they log in, and then Twitter redirects to me with an OAuth Token (A) on the URL.
That's where I'm confused: what do I do next? If I try to turn that OAuth Token into an access token, it fails, assumedly because it already is an auth token. But I must have to contact Twitter somehow to verify that the OAuth token the browser passed me is still good, right?
