{
  "context": "This evaluation assesses how effectively the engineer uses the oauth-sign package's flexible API design to implement an OAuth request authenticator. The focus is on whether they utilize the appropriate oauth-sign functions for different use cases: the generic sign() dispatcher for dynamic method selection, specific signing functions (hmacsign, hmacsign256, rsasign, plaintext) for direct calls, and utility functions (rfc3986) for encoding.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Dynamic signature dispatch",
      "description": "Uses oauth-sign's sign() function in signRequest() to dynamically route to the appropriate signature method based on the signatureMethod parameter",
      "max_score": 30
    },
    {
      "name": "RFC 3986 encoding",
      "description": "Uses oauth-sign's rfc3986() function in encodeParameter() to perform proper OAuth parameter encoding",
      "max_score": 20
    },
    {
      "name": "Direct method calls",
      "description": "Uses specific oauth-sign functions (hmacsign, hmacsign256, rsasign, or plaintext) directly in createProviderAuthenticator() based on the configured signature method, avoiding unnecessary dynamic dispatch",
      "max_score": 25
    },
    {
      "name": "Correct parameter passing",
      "description": "Passes parameters to oauth-sign functions in the correct order and format (httpMethod, base_uri, params, consumer_secret, token_secret for HMAC methods; httpMethod, base_uri, params, private_key, token_secret for RSA; consumer_secret, token_secret for PLAINTEXT)",
      "max_score": 15
    },
    {
      "name": "Method string handling",
      "description": "Correctly passes signature method strings ('HMAC-SHA1', 'HMAC-SHA256', 'RSA-SHA1', 'PLAINTEXT') to oauth-sign's sign() function or correctly selects the corresponding direct function",
      "max_score": 10
    }
  ]
}