Long story short - I am moving towards 3-legged OAuth and writing a test client. I was getting hung up on step 2, where the user visits the Drupal site and authorizes access. Specifically, on the oauth/authorize URL with an authenticated user I would select the web service and then "Login". Then I would be directed to a White Screen of Death.

This happens because I had incorrectly specified a callback. I was following this tutorial (with D6 but it's pretty much the same). Since I am hooking this into a mobile application, there really isn't a callback from what I understand. What is not documented anywhere is that you want to put "oob" in the callback box. Anything else in there and you find your way to oauth_common.pages.inc, and the oauth_common_form_authorize_submit() function. Here's the offending bit of code:

if (!empty($consumer->callback_url) && $consumer->callback_url !== 'oob') {
  // do stuff here
}
else {
  drupal_goto('oauth/authorized');
}

As you can guess, the callback URL was indeed not empty and was not set to "oob", since I did not know to do that. So I had an incorrect URL being generated and sent back to my client, which caused a WSOD.

I'd suggest adding more logic to this function and perhaps better error handling. A pointer to that tip of using the keyword "oob" would also be very helpful. Thanks!
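
One shape the more defensive handling suggested above could take, as an added example that is not part of the original post or of the OAuth module's code. The helper name example_classify_callback() is hypothetical, and limiting redirects to http/https is an assumption made for illustration:

```php
<?php
// Added illustration. example_classify_callback() is a hypothetical helper,
// not a function of the OAuth module; the http/https restriction is an assumption.

function example_classify_callback($callback_url) {
  $callback_url = trim((string) $callback_url);

  // An empty value or the literal "oob" means out-of-band: no redirect.
  if ($callback_url === '' || $callback_url === 'oob') {
    return array('mode' => 'oob');
  }

  // Whitespace or control characters never belong in a redirect target.
  if (preg_match('/[\x00-\x20\x7f]/', $callback_url)) {
    return array('mode' => 'error', 'reason' => 'callback contains whitespace or control characters');
  }

  // Anything else must parse as an absolute URL with a scheme and a host.
  $parts = parse_url($callback_url);
  if ($parts === FALSE || empty($parts['scheme']) || empty($parts['host'])) {
    return array('mode' => 'error', 'reason' => 'callback is not an absolute URL; use "oob" for clients without one');
  }

  if (!in_array(strtolower($parts['scheme']), array('http', 'https'), TRUE)) {
    return array('mode' => 'error', 'reason' => 'callback scheme is not http or https');
  }

  return array('mode' => 'redirect', 'url' => $callback_url);
}

// Constructed sample values, not taken from the post.
$samples = array('oob', '', 'https://client.example/cb', 'client.example/cb', 'not a url', 'ftp://client.example/cb');
foreach ($samples as $sample) {
  $result = example_classify_callback($sample);
  $detail = isset($result['reason']) ? $result['reason'] : '';
  echo str_pad(var_export($sample, TRUE), 30), str_pad($result['mode'], 10), $detail, "\n";
}
```

A caller would display the returned reason on the authorize page in the error case, rather than building a redirect from a malformed value.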