Mike,
Until last week we had a really odd bug in the OAuth tokens where two
HTTP responses would be sent (when using the 1.0 oauth methods, not
the /oauth/ methods introduced in 2.0) in the response, which
effectively prevented authentication (this impacted, for example, the
Digg Chrome extension which is now working, you can actually install
the extension and read its JS code for a full functional example of
using OAuth from JavaScript). It is very likely that your issue is now
resolved, but if not I'd love to know more so we can resolve your
issue.
Thanks,
Will