Token.get_callback_url should include oauth_token

The crux of the issue was reported at http://code.google.com/p/oauth/issues/detail?id=121.

Basically the callback url that is generated does not include the token key - the consumer would have no idea which temporary token to use to exchange for an authorized token.
