Really? I haven't had any luck at all. I can fetch the URL to approve application access to my account, and when I approve it the page reloads again, this time with the verification string in the URL. When I take that string and try to use it in my program, the website API says that it's invalid. I'll see if I can find some other oauth code to work with and test it out, the stuff I'm using has worked fine on other sites but maybe something is off with the way it works with btct.co.
Here's the code I mentioned earlier on IRC:
http://dpaste.com/hold/1197404/Just change the credentials at the top. This requires python 2.7 with a couple of dependencies (you'll get errors if they aren't there, just use pip to install them)
This takes the consumer key and consumer secret and generates the other tokens. It will ask you to visit in the browser and grab the verification string, like you have been doing, then paste it back to the app to generate your oauth client secret. You should save those, since this authorization is only needed once and you can skip the verification steps in the future if you have these stored.
I also put in an example of using the credentials to call the get_portfolio method to return your info.
I'm actually having the exact opposite problem. It seems like the api is treating ALL callback_url as if they are oob. I place an url into the callback_url parameter, but it never hits my callback url.
