diff --git a/src/future/oauth/PhutilOAuth1Future.php b/src/future/oauth/PhutilOAuth1Future.php
--- a/src/future/oauth/PhutilOAuth1Future.php
+++ b/src/future/oauth/PhutilOAuth1Future.php
@@ -229,7 +229,10 @@
       $consumer_secret = $this->consumerSecret->openEnvelope();
     }
 
-    $key = urlencode($consumer_secret).'&'.urlencode($this->tokenSecret);
+    $key = urlencode($consumer_secret).'&';
+    if ($this->tokenSecret !== null) {
+      $key .= urlencode($this->tokenSecret);
+    }
 
     switch ($this->signatureMethod) {
       case 'HMAC-SHA1':