I've been banging my head against the wall trying to get 2-Legged OAuth to work such that I can grant certain apps rights to certain nodes using the OAuth module.

I may be missing something (quite likely), but even when I have 2-legged OAuth set as my authentication method within the service OAuth Authentication setup, I never get a token that's pre-authorized, so I can never request the content I want without an authentication step.

If I go into modules/oauth/includes/DrupalOAuthToken.inc and change the authorized variable to equal 1 by default (so all tokens authorized by default), then the 2-legged process works.

Is there something I'm missing somewhere, or is this broken?