I wasn't setting the SESSION properly, so I was actually using my request token with the secret instead of my access token :P
if(empty($_GET["oauth_token"])) {
$_SESSION["token_secret"] = $oauthTokenSecret;
$_SESSION["oauth_token"] = $oauth_token;
echo '<script>window.location="'.$auth_url.'";</script>';
}
else {
$oauth_token->key = urldecode($_GET["oauth_token"]);
$oauth_token->secret = $_SESSION["token_secret"];
echo "<Br>";
echo "<Br> FIRST OAUTH TOKEN: ";
echo $oauth_token->key;
echo "<Br>";
echo "<Br> FIRST OAUTH TOKEN SECRET: ";
echo $oauth_token->secret;
print_r($_SESSION);
echo "<Br>";
echo "<Br>";
// GET https://www.google.com/accounts/OAuthGetAccessToken
$req = OAuthRequest::from_consumer_and_token($consumer, $oauth_token, 'GET',
$token_endpoint.'OAuthGetAccessToken', array('oauth_verifier' => $_GET['oauth_verifier']));
$req->sign_request($sig_method, $consumer, $oauth_token, $privKey);
print_r($req);
$response = send_signed_request('GET', $token_endpoint.'OAuthGetAccessToken', array($req->to_header()));
@Rafal - I would make sure that you have acquired 2 separate tokens (one for the initial request and then one for access). Another thing to take note of is it's important that you rebuild the new signature with the new token/secret because it was return "Invalid signature" if you keep it the same.
Since there is a necessary redirection during this process you must keep the initial token secret in a SESSION variable. The oauth_token will be returned in the URL after the user is returned to your app, but the token secret will not. You must store it in a variable you can access after the round-trip is complete.
If you wish to store the entire oauth_token object in a session make sure you instantiate the object BEFORE your "session_start()"
$oauth_token = new OAuthToken($oauthToken, $oauthTokenSecret);
session_start();
Otherwise, you will receive a "incomplete object" warning when you reprint the token received from SESSION. I've spent a long time on this project, and have become deeply involved with OAuth. Please feel free to ask me any questions, Rafal.