If I understand your question correctly, you need to be able to get the tweets from a third-party user who is with the OAuth token and having the secrets belonging to a user on your site. And the tweets from the third-party users are not obviously publicly accessible, but your user is having all the access rights to them. Am I correct?
So if you need to access private resources on behalf of your user, you must sign the request with the OAuth token and with your application credentials. Then the Twitter can check, which user is signed in to your site and if the user have given your site the required access rights.
Then that signature is sent within the header of your GET request in a format as following:
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog", oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg", oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
Further Readings :
There is also documentation from Twitter on how to calculate the signature as follows: