Generating the Signature for the TBA Authorization Flow
This section contains details about generating the signature required for both Step One and Step Three of the TBA authorization flow.
The following example is showing the way the signature should be constructed. The final result depends on the language you use for generating the signature.
signature = HMAC-SHA256(key, text)
Where:
-
The value of the text parameter is the base string from the appropriate section:
-
The value of the key parameter is the concatenation—using the ampersand (&) character—of the consumer secret and the token secret with both values encoded by the algorithm described in Encoding.
Important:The token secret value is only used in Step Three. The token secret value is empty in Step One.
The result digest octet string is used as the resulting oauth_signature parameter after:
-
being Base64-encoded. (For more information about Base64 Content-Transfer-Encoding, see Section 6.8 of RFC 2045.
-
being encoded using the algorithm described in Encoding.
As of 2023.1, the support ended for the HMAC-SHA1 signature method.
For more information, see the following topics
-
Constructing the Signature for Step One of the TBA Authorization Flow
-
Constructing the Signature for Step Three of the TBA Authorization Flow
Related Topics
- Token-based Authentication (TBA)
- Token-based Authentication (TBA) for Integration Application Developers
- The Three-Step TBA Authorization Flow
- Step One Obtain An Unauthorized Request Token
- Step Two Authorize the Request Token
- Step Three Exchange the Request Token for an Access Token
- Specifications for Signature Construction for the TBA Authorization Flow