Vulnerable token creation in PHP OAuth library
Submitted by Andreas Åkre Solberg on 30 April, 2009 - 08:41
Do not use the SimpleOAuthDataStore that is included in the PHP OAuth library. The reason is the obvious relation between the key and the secret: both are derived from the same time() value, so whoever holds the key can work out the secret. Hash functions are fun to use, aren't they?
The developer should very well know that md5(md5( is insecure; he/she should use md5(md5(md5( ;P
function new_token($consumer, $type="request") {
    // Both values come from the same clock reading: the key is the MD5 of the
    // current Unix timestamp, and the "secret" is just that timestamp doubled.
    $key = md5(time());
    $secret = time() + time();
    // Double hashing does not help: anyone holding the key can recover the
    // timestamp from a small window around the issue time and recompute this.
    $token = new OAuthToken($key, md5(md5($secret)));
    // (the storage step that follows in the library is not shown in the post)
    return $token;
}