I am using passport-freshbooks to authenticate and retrieve a token and tokenSecret. However, when I try to use those with a separate OAuth object, I get a 401 authentication failed error.
The strategy used by passport-freshbooks uses the same oauth library, and the call to "post" is identical to the follow-up call (at least it looks the same to me, but maybe I'm missing something obvious).
Here's some of the pertinent code from the passport strategy:
    OAuth = require('oauth').OAuth //This is called from within require('passport-oauth').OAuthStrategy
    ...
    this._oauth = new OAuth('https://' + options.subdomain + '.freshbooks.com/oauth/oauth_request.php',
        'https://' + options.subdomain + '.freshbooks.com/oauth/oauth_access.php',
        freshbookDao.config.apiSubdomain,
        freshbookDao.config.oauthSecret,
        "1.0",
        null,
        "PLAINTEXT",
        null,
        options.customHeaders);
    ...
    log.info("Calling userProfile with " + token + " and " + tokenSecret);
    ...
    this._oauth.post(url, token, tokenSecret, post_body, post_content_type, function (err, body, res) {...}
I try to use that same token and tokenSecret later. I'm creating a new OAuth object, but setting it with the identical settings passed to the passport strategy. Here's some code from that:
    OAuth = require('oauth')
    ...
    oauth = new OAuth.OAuth(
        'https://' + options.subdomain + '.freshbooks.com/oauth/oauth_request.php',
        'https://' + options.subdomain + '.freshbooks.com/oauth/oauth_access.php',
        exports.config.apiToken,
        exports.config.oauthSecret,
        '1.0',
        null,
        'PLAINTEXT');
    ...
    log.info("Calling listInvoices with " + token + " and " + tokenSecret);
    ...
    oauth.post(url, token, tokenSecret, body, 'application/xml', function(err, data, res) {...}
These look the same to me. However, the first one passes, and the second fails with this response:
    {"statusCode":401,"data":"<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<response xmlns=\"http://www.freshbooks.com/api/\" status=\"fail\">\n <error>Authentication failed.</error>\n <code>20010</code>\n</response>\n"}
What is it that I'm doing wrong? I've included the "log.info" lines to show that I've compared the token and tokenSecret, and they are indeed the same. What is it I'm missing?
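Added example, not part of the original post or of passport-freshbooks: one way to check whether two OAuth 1.0 client setups are really identical, comparing secrets by fingerprint instead of printing them as the log.info calls above do. With the PLAINTEXT method the consumer key and consumer secret accompany every request alongside the token, so they are part of the comparison. The field names and all sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

// Fields whose values must never reach a log line in clear text.
const SECRET_FIELDS = new Set(['consumerSecret', 'token', 'tokenSecret']);

// Short one-way fingerprint: equal inputs give equal output, so two
// secrets can be compared in a log without being printed.
function fingerprint(value) {
  if (value === undefined || value === null) return '(unset)';
  const digest = crypto.createHash('sha256').update(String(value)).digest('hex');
  return 'sha256:' + digest.slice(0, 12);
}

// Secrets are shown as fingerprints, everything else as-is.
function display(field, value) {
  return SECRET_FIELDS.has(field) ? fingerprint(value) : value;
}

// Lists every field that differs between two OAuth 1.0 client setups.
function diffOAuthSettings(first, second) {
  const fields = new Set([...Object.keys(first), ...Object.keys(second)]);
  return [...fields].sort()
    .filter((f) => JSON.stringify(first[f]) !== JSON.stringify(second[f]))
    .map((f) => ({ field: f, first: display(f, first[f]), second: display(f, second[f]) }));
}

// Constructed sample values (hypothetical, not taken from the post).
const shared = {
  requestUrl: 'https://example.freshbooks.com/oauth/oauth_request.php',
  accessUrl: 'https://example.freshbooks.com/oauth/oauth_access.php',
  consumerSecret: 'constructed-consumer-secret',
  version: '1.0',
  signatureMethod: 'PLAINTEXT',
  token: 'constructed-token',
  tokenSecret: 'constructed-token-secret',
};
const strategySettings = {
  ...shared,
  consumerKey: 'constructed-key-a',
  customHeaders: { 'User-Agent': 'constructed-agent' },
};
const laterSettings = { ...shared, consumerKey: 'constructed-key-b' };

const differences = diffOAuthSettings(strategySettings, laterSettings);
console.log(differences);
```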