Bert the issue is how the signature is generated (providing all else is equal ).
I have created a php simulation that acts as a consumer to the Moodle provider and after a bit of playing the signatures match (tried it with Moodle localhost and a different Moodle in the cloud and no problems).
The problem is that you are the other way around as I understand it i.e. Moodle is the consumer and the tool external. With mine the tool is internal and the non Moodle is the consumer.
The code is 237 lines long but lots of comments in there. You're welcome to it if it might help to understand the problem at the conceptual level. Atleast it is an example of how Moodle 3.1 the provider in core does it and I'd find it odd if Moodle 3.1 the consumer did it differently.
But I guess you need to replicate the Wikimedia method in Moodle unless you can change the Wikimedia code?
The other possibility I guess is some other parameter mismatch but they seem fairly straightforward:
# OAuth Core 1.0 spec: http://oauth.net/core/1.0/
$launch_data["oauth_callback"] = "about:blank";
$launch_data["oauth_consumer_key"] = $consumer_key;
$launch_data["oauth_version"] = "1.0";
$launch_data["oauth_nonce"] = uniqid('', true);
$launch_data["oauth_timestamp"] = $now->getTimestamp();
$launch_data["oauth_signature_method"] = "HMAC-SHA1";
or a different level of OAuth.
Drop me a mail if you'd like the code. All the normal 'not fit for human consumption' and 'entirely at your own risk of course' It will end up as .net so I haven't been overly formal with it