I did this for OAuth and OAuth2 in Unison. It was a headache to be sure I did everything procedurally correct. The hash token is based off using certain KVPs from a dictionary of various bits of data, and you sort it in a certain order before hashing, and certain steps require certain bits of data, and sometimes it's URL encoded and sometimes it's not, and all of this dramatically changes the hash.

I remember how stoked I was to finally get it working. It was a massive pain, but luckily there were websites that would walk through the process procedurally, showing how everything worked, one step at a time.