From 251a51ac2d26366dc77c3e99d25d6ad47de3de53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?H=C3=A5vard=20Stranden?= <havard.stranden@gmail.com>
Date: Sat, 10 Sep 2016 00:13:20 +0200
Subject: [PATCH] Pass the buffer and not the binary string to createHmac to
 avoid utf-8 encoding interpretation

---
 openid.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/openid.js b/openid.js
index d070f9b..fe1df81 100644
--- a/openid.js
+++ b/openid.js
@@ -99,7 +99,7 @@ var _base64encode = function(str) {
 };
 
 var _base64decode = function(str) {
-  return _buffer(str, 'base64').toString('binary')
+  return _buffer(str, 'base64').toString('binary');
 };
 
 var _bigIntToBase64 = function(binary)
@@ -1242,7 +1242,7 @@ var _checkSignatureUsingAssociation = function(params, callback)
       message += param + ':' + value + '\n';
     }
 
-    var hmac = crypto.createHmac(association.type, _base64decode(association.secret));
+    var hmac = crypto.createHmac(association.type, _buffer(association.secret, 'base64'));
     hmac.update(message, 'utf8');
     var ourSignature = hmac.digest('base64');