This section contains details about generating the signature required for both Step One and Step Three of the TBA authorization flow.
The following example is showing the way the signature should be constructed. The final result depends on the language you use for generating the signature.
signature = HMAC-SHA256(key, text)
The value of the text parameter is the base string from the appropriate section:
The value of the key parameter is the concatenation—using the ampersand (&) character—of the consumer secret and the token secret with both values encoded by the algorithm described in Encoding.Important:
The token secret value is only used in Step Three. The token secret value is empty in Step One.
The result digest octet string is used as the resulting oauth_signature parameter after:
being Base64-encoded. (For more information about Base64 Content-Transfer-Encoding, see Section 6.8 of RFC 2045.
being encoded using the algorithm described in Encoding.
The end of support for the HMAC-SHA1 signature method targeted for 2021.2 has been postponed. However, the algorithm used by the HMAC-SHA1 signature method is no longer considered secure. You should update your integrations to use the HMAC-SHA256 signature method as soon as possible.
For more information, see the following topics