What is the Access Token vs. Access Token Secret and Consumer Key vs. Consumer Secret

Consumer key is the API key that a service provider (Twitter, Facebook, etc.) issues to a consumer (a service that wants to access a user's resources on the service provider). This key is what identifies the consumer.

Consumer secret is the consumer "password" that is used, along with the consumer key, to request access (i.e. authorization) to a user's resources from a service provider.

Access token is what is issued to the consumer by the service provider once the consumer completes authorization. This token defines the access privileges of the consumer over a particular user's resources. Each time the consumer wants to access the user's data from that service provider, the consumer includes the access token in the API request to the service provider.

Hope that clears it up. I would recommend skimming through the beginning of the oAuth 2.0 spec. It's really informative.

There are two type of authentication, the first one is called authentication which uses the consumer key and consumer secret to identify this client and be sure that it is a valid account, the second one called authorization, it allows the resources server to identify which kind of actions you have the permission to do with data or what we call a resource, this operation uses access token and access token secret.

For further details, take a look at this useful slides from google:

https://docs.google.com/presentation/d/1KqevSqe6ygWVj4U-wlarKU7-SVR79x-vjpR4gEc4A9Q/edit?pli=1#slide=id.g1697c74a_1_14