We were forced to disable OAuth [1] after a security vulnerability  
[2][3] was found in the OAuth protocol. As part of the fixes for this  
problem there have been some changes to the OAuth functionality. The  
relevant changes are:

1. The lifetime of a Request Token is now shorter. This new time limit  
should be long enough for a person to complete the flow, but short  
enough that it cuts off attacks. This does not effect access tokens  
and should be totally transparent to OAuth enabled applications.

2. The oauth_callback parameter is now ignored. Users will be  
redirected to the callback registered when the application was  
created. We're currently working on changes that will re-enable this  
feature but felt that OAuth should be available without this parameter  
while that work takes place.

     We're very sorry for the silence during this problem but due to  
the security implications all OAuth vendors were asked to keep the  
details secret until the official announcement. Hopefully we'll have a  
replacement for the oauth_callback available in the near future.

Thanks;
   – Matt Sanford / @mzsanford
       Twitter API Developer

[1] - http://blog.twitter.com/2009/04/whats-deal-with-oauth.html
[2] - http://oauth.net/advisories/2009-1
[3] - http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-ses...