Is there anything obviously wrong with this request? I can repeatedly re-authorize the user and successfully get oauth_token
https://api.twitter.com/1.1/users/show.json?user_id=1954252&oauth_nonce=4ac185d24a558c0948af17c3c&oauth_timestamp=13959569&oauth_consumer_key=fQVizCyBNPokMEPA&oauth_signature_method=HMAC-SHA1&oauth_version=1.0a&oauth_token=1952252-ahuNfbikKQbTjB&oauth_signature=7%2BWr7sUbxVAnd1Biulrl0%3D
[I've modified the params for privacy so length of them might not be correct in the example]
It turned out I was doing a POST not a GET on this request.