Permalink
Browse files

Encode secrets before computing signature.

  • Loading branch information...
1 parent fef2bfa commit cd2de9fcd94c88c93e3a22bf5e68c6ecf80d9661 @jaredhanson committed Feb 20, 2013
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/passport-http-oauth/strategies/consumer.js
View
4 lib/passport-http-oauth/strategies/consumer.js
@@ -298,8 +298,8 @@ ConsumerStrategy.prototype.authenticate = function(req) {
}
} else if (signatureMethod === 'HMAC-SHA256') {
- var key = consumerSecret + '&';
- if (tokenSecret) { key += tokenSecret; }
+ var key = utils.encode(consumerSecret) + '&';
+ if (tokenSecret) { key += utils.encode(tokenSecret); }
var computedSignature = utils.hmacsha256(key, base);
if (signature !== computedSignature) {

0 comments on commit cd2de9f

Please sign in to comment.