Compute an OAuth v1.0a signature

Doing OAuth v1.0a? This web form can help you check your signatures.

If you are using OAuth v2.0, then you are in the wrong place.

This should work with any OAuth v1.0a-enabled endpoint that uses HMAC signing. (The standard is pretty clear. It's not simple, but it's clear.)

To use this form, fill in the correct parameters and click "Sign". It works for generating the signature for a request-for-temporary-request-token, a signature for the request-for-access-token, or a signed request for any service. If you don't understand the distinction between these three different types of signatures, I suggest you consult the OAuth v1.0 spec. Pay no attention to the statement in that document that OAuth v1.0a has been superseded; that's not quite true. OAuth v2.0 is different.

When you click "Sign", divs at the bottom will appear showing intermediate results. If you're having trouble generating signatures from your own code, examine the intermediate results shown here to see how the encoding and sorting are done, and compare them with the intermediate results you are generating. I've tested this; it works in all cases I've tried.
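To make the intermediate results concrete, here is an added example (not the code behind this form) that prints the sorted parameter string, the signature base string, and the final signature, and also shows a server-side check using a constant-time comparison. It assumes the HMAC-SHA1 signature method, a URL that is already normalized, and no repeated parameter names; the URL, key, nonce, and secret are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values (not from the page): a request for a temporary token.
URL = "https://api.example/oauth/request_token"
SAMPLE = {
    "oauth_callback": "https://client.example/cb?x=1",
    "oauth_consumer_key": "constructed-key",
    "oauth_nonce": "n0nce",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
}


def pct(value):
    # RFC 3986 encoding: only A-Z a-z 0-9 - . _ ~ stay literal ("/" is encoded too).
    return quote(value, safe="-._~")


def normalize(params):
    # Encode names and values first, then sort by encoded name, then encoded value.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join(f"{k}={v}" for k, v in pairs)


def base_string(method, url, params):
    # The normalized parameter string is encoded a second time here.
    return "&".join([method.upper(), pct(url), pct(normalize(params))])


def sign(method, url, params, consumer_secret, token_secret=""):
    # The key always contains the "&", even when there is no token secret yet.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def verify(method, url, params, consumer_secret, token_secret=""):
    expected = sign(method, url, params, consumer_secret, token_secret)
    # Constant-time comparison, so a mismatch does not leak its position by timing.
    return hmac.compare_digest(expected.encode(), params.get("oauth_signature", "").encode())


if __name__ == "__main__":
    print(normalize(SAMPLE))
    print(base_string("POST", URL, SAMPLE))
    print(sign("POST", URL, SAMPLE, "constructed-secret"))
```

The most common mismatches are the double encoding of the parameter string (a space in a value ends up as `%2520` in the base string) and a missing trailing `&` in the key when no token secret exists yet.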

This table lists the parameters you must send for the various messages in an OAuth v1.0a sequence.

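| request type | callback | consumer_key | nonce | signature | signature_method | timestamp | token | verifier | version |
|---|---|---|---|---|---|---|---|---|---|
| request for temporary request token | Y | Y | Y | Y | Y | Y |  |  | Y |
| request for access token |  | Y | Y | Y | Y | Y | Y | Y | Y |
| any other signed request | -- | Y | Y | Y | Y | Y | Y |  | Y |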

Remember, the URL will be different for each one of those requests.

Use this form to generate requests.