I know this is kind of an old post (the series is great by the way)

however, I'd like to point out that in the first part, you mentioned the token handler and that "right now it's ok to just return OAUTH_OK" (in context of the first post) So i'd think that in this article you'd show use how you've changed your token handler to work with the access tokens, since the token handler does come into play at this point.