https://api.login.yahoo.com/oauth/v2/get_request_token" inside you Docs there is info
oauth_signature The Consumer Secret that was issued to the application. If you are using the PLAINTEXT signature method, add %26 at the end of the Consumer Secret
But it's not correct , cause Zend uses another algorithm , also inside oAuth 1 specification there is information about signature, that it should contains all params encoded by sha1 and base64. Is it true?