Creating the signature base string: document / example inconsistencies


I’m writing a signature generator in JS and am able to match the generated signature in the example provided by

The instructions for creating a signature base string are very specific, however, I’ve noticed that the Signature base string generated by the oauth tools signature generator, linked from, doesn’t follow the specifications laid out in the Creating Signatures Documentation.

Specifically, under the Collecting Parameters heading, step 2 says the following:

  1. Sort the list of parameters alphabetically[1] by encoded key[2].

Looking at the Signature Base String generated from a GET followers/list example:


All of the request query parameters precede the oauth_header parameters regardless of alphabetical order. Also the request query parameters aren’t in alphabetical order but the oauth_header parameters do follow alphabetical order.

Should my signature generator match the results of the example outlined in or should I match the results of an example generated from the Oauth Signature Generator linked form a page like