Compute an OAuth v1.0a signature

Doing OAuth v1.0a? This web form can help you check your signatures.

This should work with any OAuth v1.0a -enabled endpoint. The standard is pretty clear. It's not simple, but it's clear.

If you are using OAuthv2.0, then you are in the wrong place.

To use this form, fill in the correct parameters, and click "Sign". It works for generating the signature for a request-for-temporary-request-token, or a sig for the request-for-access-token, or a signed request for any service. If you don't understand the distinction between these things, I suggest you consult the OAuth v1.0 spec. Pay no attention to the statement that OAuthv1.0a has been superceded; that's not really true. OAuth v2.0 is different.

When you click "Sign", divs at the bottom will appear showing intermediate results. If you're having trouble generating signatures from your own code, examine the intermediate results shown here to see how the encoding and sorting is done, and compare with the intermediate results you are generating. I've tested this, it works in all cases I've tried.

This table lists the parameters you must send for the various messages in an OAuthv1.0a sequence.

request type callback consumer_key nonce signature signature_method timestamp token verifier version
request for temporary request token Y Y Y Y Y Y Y
request for access token Y Y Y Y Y Y Y Y
any other signed request -- Y Y Y Y Y Y Y

Remember, the URL will be different for each one of those requests.

Use this form to generate requests.