{
  "context": "This criteria evaluates how well the engineer uses the oauth-sign package to handle edge cases in OAuth parameter normalization and signature generation. Focus is exclusively on correct usage of oauth-sign functions for handling empty values, duplicate keys, special characters, and missing secrets.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses generateBase function",
      "description": "Uses oauth-sign's generateBase() function to create the normalized OAuth signature base string from HTTP method, URL, and parameters",
      "max_score": 25
    },
    {
      "name": "Uses rfc3986 encoding",
      "description": "Uses oauth-sign's rfc3986() function to properly encode parameter names and values, especially for special characters",
      "max_score": 20
    },
    {
      "name": "Handles array parameters",
      "description": "Correctly passes duplicate key parameters as arrays to oauth-sign functions (e.g., {key: ['val1', 'val2']}), leveraging the package's built-in array handling",
      "max_score": 20
    },
    {
      "name": "Uses hmacsign correctly",
      "description": "Uses oauth-sign's hmacsign() function with proper parameter order (httpMethod, base_uri, params, consumer_secret, token_secret)",
      "max_score": 15
    },
    {
      "name": "Handles missing secrets",
      "description": "Correctly passes empty strings or handles undefined/null secrets when calling hmacsign(), demonstrating understanding that oauth-sign handles missing secrets gracefully",
      "max_score": 20
    }
  ]
}