Why must we "change temporary credentials for token credentials" in OAuth?
Can't the server just "upgrade" the temporary credentials to token credentials and retain the same key and secret? The client can then start doing authenticated calls right away after the recieving the callback from the server stating that the temporary credentials has been "upgraded". Of cause if the temporary credentials have not be ...