{
  "context": "This criteria evaluates how effectively an engineer uses the oauth-sign package to implement HMAC-SHA1 signature generation for OAuth 1.0 request authentication. The focus is on proper usage of the package's HMAC-SHA1 signing capabilities and correct parameter handling.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Uses hmacsign function",
      "description": "Implementation uses the oauth-sign package's hmacsign() function (or the sign() dispatcher with 'HMAC-SHA1') to generate signatures",
      "max_score": 40
    },
    {
      "name": "Correct parameter order",
      "description": "Passes parameters to hmacsign in the correct order: httpMethod, base_uri, params, consumer_secret, token_secret",
      "max_score": 20
    },
    {
      "name": "Proper parameter handling",
      "description": "Correctly passes the params object directly to the signing function without unnecessary transformation or encoding (the package handles encoding internally)",
      "max_score": 15
    },
    {
      "name": "Handles empty secrets",
      "description": "Properly handles missing or empty token secrets by passing empty string or handling the optional parameter correctly",
      "max_score": 10
    },
    {
      "name": "Returns signature correctly",
      "description": "Returns the signature result directly from the signing function without additional encoding or transformation",
      "max_score": 10
    },
    {
      "name": "No reimplementation",
      "description": "Does not reimplement signature generation, base string construction, or RFC 3986 encoding that the package already provides",
      "max_score": 5
    }
  ]
}