{
  "context": "This criteria evaluates how well the engineer uses the oauth-sign package's generic signature dispatcher (sign function) to implement a configuration-driven OAuth request signing utility. The assessment focuses on proper usage of the sign() function and its integration with different signature methods.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses sign() function",
      "description": "Implementation uses the oauth-sign package's sign() function (or equivalent dispatcher) as the primary mechanism for signature generation rather than calling individual signature method functions directly",
      "max_score": 40
    },
    {
      "name": "Method string routing",
      "description": "Correctly passes the signature method string ('HMAC-SHA1', 'HMAC-SHA256', 'RSA-SHA1', 'PLAINTEXT') as the first parameter to the sign() function based on the config.method value",
      "max_score": 20
    },
    {
      "name": "Parameter mapping",
      "description": "Correctly maps and passes all required parameters to sign() function in the correct order: httpMethod, url, params, consumerSecret/privateKey, and tokenSecret",
      "max_score": 25
    },
    {
      "name": "RSA-SHA1 handling",
      "description": "Properly handles RSA-SHA1 signature method by passing the privateKey (from config.privateKey) instead of consumerSecret when the method is 'RSA-SHA1'",
      "max_score": 15
    }
  ]
}