HMAC-SHA1 signature generated via authHeader() does not match signature generated from other sources #321

Open
sul4bh opened this issue Dec 21, 2016 · 1 comment

sul4bh commented Dec 21, 2016

I have:

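const OAuth = require('oauth');

let oauth = new OAuth.OAuth(
	null,        // requestUrl
	null,        // accessUrl
	'abc',       // consumerKey
	'def',       // consumerSecret
	'1.0',       // version
	null,        // authorize_callback
	'HMAC-SHA1', // signatureMethod
	6            // nonceSize
);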

I then generate an authorization header and add it to a node HTTP package (Supertest) as follows:

{
    'Authorization': oauth.authHeader('/route', 'mno', 'pqr', 'GET')
}

This gives me the following HTTP header:

GET /route HTTP/1.1
Host: abc.xyz
Accept-Encoding: gzip, deflate
User-Agent: node-superagent/2.3.0
Authorization: OAuth oauth_consumer_key="abc", oauth_nonce="rbox6F", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1482285391", oauth_token="mno", oauth_version="1.0", oauth_signature="Xz2gZQqXK1c%2FM2JSFeRj4UQ9qEI%3D"
Connection: close

Using the same values for nonce, timestamp and the secret keys, I get the following from another tool (Paw):

GET /route HTTP/1.1
Authorization: OAuth oauth_consumer_key="abc", oauth_nonce="rbox6F", oauth_signature="221yLZJVIBt8WpXZw1kVAsh8K9c%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1482285391", oauth_token="mno", oauth_version="1.0"
Host: abc.xyz
Connection: close
User-Agent: Paw/3.0.14 (Macintosh; OS X/10.12.0) GCDHTTPRequest

Notice how the oauth_signature values differ for the two requests.

The request I made with Paw gets authenticated successfully while the request I made with Supertest (with headers generated by oauth) fails with the message 'signature does not match'.

Can anyone please verify if oauth.authHeader() generates a valid Authorization header?

@MikesGlitch

I've had this problem as well. Thought the problem I had was to do with asterisks. The asterisks ended up being encoded twice.
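An added example, not code from node-oauth or from either poster: a reference HMAC-SHA1 signer written from RFC 5849, useful for comparing the signature base string that two clients should agree on byte for byte. The helper names (`pct`, `baseString`, `sign`, `report`), the `http://`/`https://` scheme for `abc.xyz` and the parameter `q` are assumptions; the other values are the ones quoted in the issue.

```javascript
const crypto = require('crypto');

// RFC 5849 section 3.6: only A-Z a-z 0-9 - . _ ~ stay literal.
// encodeURIComponent leaves ! ' ( ) * alone, so encode those explicitly.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string (RFC 5849 section 3.4.1): METHOD & base URI & parameters.
function baseString(method, url, params) {
  const u = new URL(url); // throws TypeError on a relative URL such as '/route'
  const pairs = [...u.searchParams.entries(), ...Object.entries(params)]
    .map(([k, v]) => [pct(k), pct(v)])            // encode each name and value once
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]));
  const normalized = pairs.map(([k, v]) => `${k}=${v}`).join('&');
  const baseUri = `${u.protocol}//${u.host}${u.pathname}`; // scheme and host are signed
  return [method.toUpperCase(), pct(baseUri), pct(normalized)].join('&');
}

// HMAC-SHA1 keyed with "consumerSecret&tokenSecret", base64 output (section 3.4.2).
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = `${pct(consumerSecret)}&${pct(tokenSecret || '')}`;
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, params)).digest('base64');
}

// Protocol parameters quoted in the issue.
const params = {
  oauth_consumer_key: 'abc', oauth_nonce: 'rbox6F',
  oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: '1482285391',
  oauth_token: 'mno', oauth_version: '1.0',
};

// Signatures for inputs that differ only in scheme or in how '*' was encoded.
function report() {
  const url = 'http://abc.xyz/route'; // assumed scheme
  return {
    base: baseString('GET', url, params),
    sig: sign('GET', url, params, 'def', 'pqr'),
    sigHttps: sign('GET', 'https://abc.xyz/route', params, 'def', 'pqr'),
    // Constructed parameter q: raw value vs. value pre-encoded by the caller.
    sigStar: sign('GET', url, { ...params, q: 'a*b' }, 'def', 'pqr'),
    sigStarTwice: sign('GET', url, { ...params, q: pct('a*b') }, 'def', 'pqr'),
  };
}
console.log(report());
```

When two clients disagree, diff their base strings first: the signed URI includes scheme and host, and a `*` that is percent-encoded one time too many changes the HMAC input.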
