Generating the Signature for the TBA Authorization Flow
This section contains details about generating the signature required for both Step One and Step Three of the TBA authorization flow.
The following example is showing the way the signature should be constructed. The final result depends on the language you use for generating the signature.
signature = HMAC-SHA256(key, text)
Where:
-
The value of the text parameter is the base string from the appropriate section:
-
The value of the key parameter is the concatenation—using the ampersand (&) character—of the consumer secret and the token secret with both values encoded by the algorithm described in Encoding.
Important:The token secret value is only used in Step Three. The token secret value is empty in Step One.
The result digest octet string is used as the resulting oauth_signature parameter after:
-
being Base64-encoded. (For more information about Base64 Content-Transfer-Encoding, see Section 6.8 of RFC 2045.
-
being encoded using the algorithm described in Encoding.
As of 2023.1, the support ended for the HMAC-SHA1 signature method.
For more information, see the following topics
-
Constructing the Signature for Step One of the TBA Authorization Flow
-
Constructing the Signature for Step Three of the TBA Authorization Flow