The oauth_token and oauth_token_secret values are specific to your app, not the users logging in. You should not share those values with anyone.
It is very difficult to determine what might be going on without more information. If you’re getting a 403, there should be a message explaining the error - what is the exact response you’re seeing?
