Make sure that you’re:
a) setting an explicit oauth_callback value on oauth/request_token
b) if you’ve ever changed the permission levels on your application, make sure that you’re either sending users to oauth/authorize instead of oauth/authenticate to transit those permissions or that you’re using the x_auth_access_type parameter on oauth/request_token to explicitly declare the permission level you’re after.
