// SignedURL creates a signed URL using the given ConnectionData, where route
// is the url path relative to the BaseURL stored in the ConnectionData, query
// is the set of query string parameters, if any, and duration is the amount of
// time that the signed URL should remain valid for.
func (connectionData *ConnectionData) SignedURL(route string, query url.Values, duration time.Duration) (u *url.URL, err error) {
	u, err = setURL(connectionData, route, query)
	if err != nil {
		return
	}
	credentials := &hawk.Credentials{
		ID:   connectionData.Credentials.ClientID,
		Key:  connectionData.Credentials.AccessToken,
		Hash: sha256.New,
	}
	reqAuth, err := hawk.NewURLAuth(u.String(), credentials, duration)
	if err != nil {
		return
	}
	reqAuth.Ext, err = getExtHeader(connectionData.Credentials)
	if err != nil {
		return
	}
	bewitSignature := reqAuth.Bewit()
	if query == nil {
		query = url.Values{}
	}
	query.Set("bewit", bewitSignature)
	u.RawQuery = query.Encode()
	return
}
func Bewit(clientId string, accessToken string, uri string) (string, error) {
	credentials := &hawk.Credentials{
		ID:   clientId,
		Key:  accessToken,
		Hash: sha256.New,
	}

	auth, err := hawk.NewURLAuth(uri, credentials, BEWIT_EXPIRES)
	if err != nil {
		return "", err
	}

	bewit := auth.Bewit()
	return fmt.Sprintf("%s?bewit=%s", uri, bewit), nil
}