Index: trunk/src/oauth/signpost/signature/QueryStringSigningStrategy.java
===================================================================
--- trunk/src/oauth/signpost/signature/QueryStringSigningStrategy.java	(revision 4231)
+++ trunk/src/oauth/signpost/signature/QueryStringSigningStrategy.java	(revision 6849)
@@ -1,3 +1,5 @@
 package oauth.signpost.signature;
+
+import java.util.Iterator;
 
 import oauth.signpost.OAuth;
@@ -21,33 +23,20 @@
             HttpParameters requestParameters) {
 
-        // add the signature
-        StringBuilder sb = new StringBuilder(OAuth.addQueryParameters(request.getRequestUrl(),
-            OAuth.OAUTH_SIGNATURE, signature));
+        // add all (x_)oauth parameters
+        HttpParameters oauthParams = requestParameters.getOAuthParameters();
+        oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true);
 
-        // add the optional OAuth parameters
-        if (requestParameters.containsKey(OAuth.OAUTH_TOKEN)) {
+        Iterator<String> iter = oauthParams.keySet().iterator();
+
+        // add the first query parameter (we always have at least the signature)
+        String firstKey = iter.next();
+        StringBuilder sb = new StringBuilder(OAuth.addQueryString(request.getRequestUrl(),
+            oauthParams.getAsQueryString(firstKey)));
+
+        while (iter.hasNext()) {
             sb.append("&");
-            sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_TOKEN));
+            String key = iter.next();
+            sb.append(oauthParams.getAsQueryString(key));
         }
-        if (requestParameters.containsKey(OAuth.OAUTH_CALLBACK)) {
-            sb.append("&");
-            sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_CALLBACK));
-        }
-        if (requestParameters.containsKey(OAuth.OAUTH_VERIFIER)) {
-            sb.append("&");
-            sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_VERIFIER));
-        }
-
-        // add the remaining OAuth params
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_CONSUMER_KEY));
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_VERSION));
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_SIGNATURE_METHOD));
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_TIMESTAMP));
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_NONCE));
 
         String signedUrl = sb.toString();