OAuth 1.0a Support
As far as I can tell, django-piston only supports version 1.0 of the OAuth spec, which has a major security vulnerability. Changes in 1.0a are quite small, and well-explained here:
The main change is proper handling of the new oauth_verifier.
One thing to pay attention to is that I'm not sure whether piston currently conserves pre-existing query parameter sent with the callback URL correctly (this is now especially important to many consumers).