do not include the token in the signature if it's empty

src/main/java/org/scribe/model/Token.java

@@ -57,4 +57,22 @@ public String toString()
   {
     return String.format("Token[%s , %s]", token, secret);
   }
+
+  /**
+   * Returns true if the token is empty (token = "", secret = "")
+   */
+  public boolean isEmpty()
+  {
+    return "".equals(this.token) && "".equals(this.secret);
+  }
+
+  /**
+   * Factory method that returns an empty token (token = "", secret = "").
+   *
+   * Useful for two legged OAuth.
+   */
+  public static Token empty()
+  {
+    return new Token("","");
+  }
 }

src/main/java/org/scribe/oauth/OAuth10aServiceImpl.java

@@ -8,7 +8,7 @@
 
 /**
  * OAuth 1.0a implementation of {@link OAuthService}
- * 
+ *
  * @author Pablo Fernandez
  */
 public class OAuth10aServiceImpl implements OAuthService
@@ -20,7 +20,7 @@ public class OAuth10aServiceImpl implements OAuthService
 
   /**
    * Default constructor
-   * 
+   *
    * @param api OAuth1.0a api information
    * @param config OAuth 1.0a configuration param object
    */
@@ -88,8 +88,12 @@ public Token getAccessToken(Token requestToken, Verifier verifier)
   public void signRequest(Token token, OAuthRequest request)
   {
     config.log("signing request: " + request.getCompleteUrl());
-    request.addOAuthParameter(OAuthConstants.TOKEN, token.getToken());
 
+    // Do not append the token if empty. This is for two legged OAuth calls.
+    if (!token.isEmpty())
+    {
+      request.addOAuthParameter(OAuthConstants.TOKEN, token.getToken());
+    }
     config.log("setting token to: " + token);
     addOAuthParams(request, token);
     appendSignature(request);
@@ -110,7 +114,7 @@ public String getAuthorizationUrl(Token requestToken)
   {
     return api.getAuthorizationUrl(requestToken);
   }
-  
+
   private String getSignature(OAuthRequest request, Token token)
   {
     config.log("generating signature...");