From: DirkM <dirk_at_olx.com>
Date: Mon, 24 Aug 2009 15:50:13 -0500 (CDT)
I believe there's a bug in the implementation of HMAC_SHA1 in the Jersey
oauth-signature library.
According to the spec, the consumer and token secrets should be percent
encoded before being concatenated together:
http://oauth.net/core/1.0a#anchor15
The code doesn't do this, so any secret with an unusual character in it (or
a space) will fail authentication.
Dirk