I'm on step 4 where I swap the oauth verifer for an access token and I keep getting invalid signature. I'm using the C# OauthBase code from http://oauth.net/code/ which I've modified to sort the parameters correctly, and added optional callbackURL and OauthVerifier parameters. I've tried umpty-gazillion variations of what parameters I've included, but haven't hit on the correct combination yet.
Here is the latest combination of parameters that I've tried:
The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104] (Krawczyk, H., Bellare, M., and R. Canetti, “HMAC: Keyed-Hashing for Message Authentication,” .) where the Signature Base String is the text and the key is the concatenated values (each first encoded per Parameter Encoding (Parameter Encoding)) of the Consumer Secret and Token Secret, separated by an ‘&’ character (ASCII code 38) even if empty.