When using OAuth for write actions, a token should not be required. Since cookies are not being used for authentication/authorization, then the authorization is stateless and retrieving an edit token is an unnecessary step that does not add any additional security.
Perhaps it would be best to ignore any cookies / sessions when the Authorization header is present?