I always get an invalid signature. I am sorting the query parameters etc. My signing for the access token works, and it's the same function. I'm using the shared secret and the access token secret in the hmac, is that right? like I use the shared secret and the request token secret when signing for the access token.