(Note: when I say behind a firewall you do still need web access, because you need to login to twitter to get a PIN code; but this is much less demanding than needing to set up a web server on a public IP address.)
Anyway, after I'd worked it out, I put my sample code up on github. The three files to look at are oob1.php, oob2.php and oob3.php. Here is how you use them:
Edit config.php, to set:
(If not already done, go to https://dev.twitter.com/apps, create and configure the app, and add the consumer key and secret to config.php.)
Visit the URL it tells you to, and approve the application
php oob2.php 1234567(where 1234567 is the PIN number you got at the end of step three)
php oob3.php account/verify_credentials(this command will show your account; see the oob3.php source code for other supported commands, and some shortcuts.)
Let me know if you have any problems with, or questions about, these files.
If you find bugs, or want to encourage its inclusion in the main twitteroauth library, you can comment on the github pull request.