_oauth_get_user currently uses "/users/show/" + access_token["screen_name"] for logging in a user.
The access_token shouldn't rely on the screen_name, as the screen_name can be changed.
You can make a signed request to /account/verify_credentials to get the user information.
Get the current user's twitter information with /account/verify_crede…
This is more robust against potentially-changing screen names.