Generate OAuth request header signature using OAuth or hash_hmac function

Authorization OAuth

Using OAuth getRequestHeader:


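                                        // Build the OAuth 1.0 Authorization header with the pecl OAuth extension.
                                        // Credentials come from the class configuration; the consumer secret must
                                        // never be logged or echoed back to the caller.
                                        $consumerKey = $this->config[self::PARAM_OAUTH][self::PARAM_CONSUMER_KEY];
                                        $consumerSecret = $this->config[self::PARAM_OAUTH][self::PARAM_CONSUMER_SECRET];
                                        $timestamp = time();
                                        // The nonce is what lets the server reject replayed requests, so it has to
                                        // be unique per (consumer key, timestamp). md5(microtime()) is guessable and
                                        // can repeat for requests issued in the same microsecond; take it from the
                                        // CSPRNG instead (32 hex characters, same length as the md5 value).
                                        $nonce = bin2hex(random_bytes(16));

                                        // Extra parameters handed to getRequestHeader(); they mirror the values set
                                        // on the OAuth object below.
                                        $oAuthVariables = [
                                            self::FIELD_OAUTH_CONSUMER_KEY => $consumerKey,
                                            self::FIELD_OAUTH_NONCE => $nonce,
                                            self::FIELD_OAUTH_SIGNATURE_METHOD => self::OAUTH_SIGNATURE_METHOD,
                                            self::FIELD_OAUTH_TIMESTAMP => $timestamp,
                                            self::FIELD_OAUTH_VERSION => self::OAUTH_VERSION,
                                        ];

                                        // Pin timestamp, nonce and version on the client so the header is signed
                                        // over exactly the values chosen above.
                                        $oauth = new \OAuth($consumerKey, $consumerSecret);
                                        $oauth->setTimestamp($timestamp);
                                        $oauth->setNonce($nonce);
                                        $oauth->setVersion(self::OAUTH_VERSION);

                                        // The HTTP method is upper-cased because it is part of the signature base
                                        // string; a lower-case method yields a signature the server will reject.
                                        // $oAuthVariables aren't required, really
                                        return $oauth->getRequestHeader(strtoupper($httpMethod), $endpointUrl, $oAuthVariables);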
                                    

Using hash_hmac (without OAuth):


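                                        // Build the OAuth 1.0 Authorization header by hand (HMAC-SHA1, no token):
                                        // collect the oauth_* parameters, derive the signature base string, sign it
                                        // with the consumer secret and serialise everything into one header value.
                                        $consumerKey = $this->config[self::PARAM_OAUTH][self::PARAM_CONSUMER_KEY];
                                        $consumerSecret = $this->config[self::PARAM_OAUTH][self::PARAM_CONSUMER_SECRET];

                                        // Parameters that will be used either in the Authorization header or as URL
                                        // query params, excluding 'oauth_signature'.
                                        $params = [
                                            'oauth_consumer_key' => $consumerKey,
                                            // The nonce is the replay guard: it must be unique per consumer key
                                            // and timestamp. uniqid(mt_rand(1, 1000)) is time-based and
                                            // predictable, so draw it from the CSPRNG instead.
                                            'oauth_nonce' => bin2hex(random_bytes(16)),
                                            'oauth_signature_method' => 'HMAC-SHA1',
                                            'oauth_timestamp' => time(),
                                            'oauth_version' => '1.0',
                                        ];
                                        // define HTTP method
                                        $method = 'POST';

                                        // start making the signature
                                        // Only the oauth_* parameters are signed here. If the request also carries
                                        // query-string or form parameters, they have to be added to $params before
                                        // sorting, otherwise the server computes a different base string.
                                        // @see Zend_Oauth_Signature_SignatureAbstract::_toByteValueOrderedQueryString()
                                        // for more accurate sorting, including array params
                                        ksort($params);
                                        $encodedPairs = [];
                                        foreach ($params as $name => $value) {
                                            $encodedPairs[] = rawurlencode($name) . '=' . rawurlencode((string) $value);
                                        }
                                        $strParams = implode('&', $encodedPairs);

                                        // Signature base string: METHOD & encoded base URL & encoded parameter string.
                                        // $endpointUrl is the base resource url - without port & query params &
                                        // anchors, @see how Zend extracts it in
                                        // Zend_Oauth_Signature_SignatureAbstract::normaliseBaseSignatureUrl()
                                        $signatureData = strtoupper($method) // HTTP method (POST/GET/PUT/...)
                                            . '&'
                                            . rawurlencode($endpointUrl)
                                            . '&'
                                            . rawurlencode($strParams);

                                        // Signing key is "<consumer secret>&<token secret>"; no token is used here,
                                        // so the part after '&' stays empty.
                                        $signingKey = rawurlencode($consumerSecret) . '&';
                                        // true => raw binary digest, which is then base64-encoded.
                                        $signature = base64_encode(hash_hmac('sha1', $signatureData, $signingKey, true));
                                        // end making signature

                                        // Percent-encode every header value, not just the signature: a consumer key
                                        // containing '"', ',' or other reserved characters would otherwise produce a
                                        // malformed (or attacker-shaped) header.
                                        $headerFields = [
                                            'oauth_consumer_key' => $params['oauth_consumer_key'],
                                            'oauth_nonce' => $params['oauth_nonce'],
                                            'oauth_signature_method' => $params['oauth_signature_method'],
                                            'oauth_signature' => $signature,
                                            'oauth_timestamp' => $params['oauth_timestamp'],
                                            'oauth_version' => $params['oauth_version'],
                                        ];
                                        $headerPairs = [];
                                        foreach ($headerFields as $name => $value) {
                                            $headerPairs[] = $name . '="' . rawurlencode((string) $value) . '"';
                                        }

                                        return 'OAuth ' . implode(',', $headerPairs);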
                                    

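The most important thing is to upper-case the HTTP method with strtoupper() before it goes into the signature: the method is part of the signed data, so a lower-case method produces a signature the server will not accept.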