I finally found the spec for signatures in OAuth 2:
https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
In particular I love the part in the spec that says:
The primary design goal of this mechanism is to simplify and improve
HTTP authentication for services that are unwilling or unable to
employ TLS for every request.