Pass the buffer and not the binary string to createHmac to avoid utf-…

…8 encoding interpretation
havard · Sep 9, 2016 · 251a51a · 251a51a
1 parent be23a2c
commit 251a51a
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/openid.js b/openid.js
@@ -99,7 +99,7 @@ var _base64encode = function(str) {
 };
 
 var _base64decode = function(str) {
-  return _buffer(str, 'base64').toString('binary')
+  return _buffer(str, 'base64').toString('binary');
 };
 
 var _bigIntToBase64 = function(binary)
@@ -1242,7 +1242,7 @@ var _checkSignatureUsingAssociation = function(params, callback)
       message += param + ':' + value + '\n';
     }
 
-    var hmac = crypto.createHmac(association.type, _base64decode(association.secret));
+    var hmac = crypto.createHmac(association.type, _buffer(association.secret, 'base64'));
     hmac.update(message, 'utf8');
     var ourSignature = hmac.digest('base64');