EDIT: http://stackoverflow.com/questions/1609899/java-equivalent-to-phps-hmac-sha1
(well hopefully, trying a.t.m.)
My understanding is that to create a signature I need a 'base string' and a 'key'. I guess I know how to create the base string, and I assume I'm supposed to use 'OAuth Consumer Secret' that Google have assigned to my app as the key.
But what am I supposed to do with these two to obtain the signature? Is there any HMAC-class on GAE/Java?
Would it play if I just stored somewhere what OAuth Playground generates for me? Is it how you do it? Or does OAuth signature have some expiration date?
(I tried AuthSub before but failed too, even though it looks quite simple. Also OAuth seems like more 'standard' to me, so I'd like to stick with OAuth.)