From Client::complete():
$data = $this->makeOAuthCall( $requestToken, $tokenUrl ); $return = $this->decodeJson( $data ); $accessToken = new Token( $return->key, $return->secret );
The case when the response is valid JSON but doesn't contain the expected keys isn't handled nicely. Apparently this can happen.