OAuth 1.0 header construction for Token Based Authentication (TBA)

My question:
This isn’t a problem with Postman but Postman’s OAuth 1.0 authentication works when I’m attempting to communicate with Netsuite API. I’m having a hard time trying to reproduce the successful results using NodeJS so I’m interested in how Postman constructs the header in the requests when I’m using OAuth 1.0 for TBA.

Postman takes in 4 variables, namely CONSUMER_KEY, CONSUMER_SECRET, ACCESS_TOKEN, TOKEN_SECRET. It then constructs the header.Authorization dynamically to something like this:

OAuth realm="<realm>",oauth_consumer_key="<key>",oauth_token="<token>",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1631228049",oauth_nonce="h6AMUL3EAof",oauth_version="1.0",oauth_signature="<generated_signature>"

On the other hand, I’m using an OAuth 1.0 library https://github.com/ddo/oauth-1.0a to generate the header when I’m doing this in NodeJS. When I override the dynamic variables (nonce, timestamp) to a static value from Postman, my oauth_signature came out different. Is there something in Postman that’s doing differently than a regular OAuth 1.0 library when constructing the header?

Answering my own question here, Postman does a lowercase on the URL so if you have anything in your URL that’s not originally lowercased, it will be transformed before encryption. Hence I was getting a different signature.

Can you provide me your NodeJS sample? I am having the same exact issue but I don’t know what is used for the signature and how Postman comes up with it.

Could you please provide the nodejs sample code