Been doing some more work with this OAuth 1.0 Provider and as it turns out, my implementation so too lean. Having said that, it's exactly what I aimed for in the beginning: A simple lean OAuth 1.0 Provider implementation without getting buried over the concept of OAuth itself.
This iteration still have more things to be introduced. As pointed by willhn at GeekTalk.in here, OAuth 1.0 allow the OAuth authorization data to be passed through HTTP Authorization Header and POST. RFC 5849 documentation states the standard here. At the current 0.3.0 version, Authorization data are picked up only from Authorization Header.
My immediate goal for this project is to create an OAuth reverse proxy, carrying all valid requests into some other language independent backend be it in Python, PHP, Node.js or any other languages. For that, Stage 2 has accomplished the reverse proxy nature.
Stage 3 will be adding POST support for Authorization headers and to implement a reverse proxy to a publicly available API somewhere. I have a few in mind and the Internet Chuck Norris Database will make a great candidate :D
Talk is cheap, so here is an example of an endpoint implementation.