Closed Tobbe closed 12 years ago
Interesting. We read out parameters for the signature from the params
object in line 1118 of openid.js. The params
object contains all the query parameters (or POST parameters), and is always constructed using node's querystring.parse
.
Now, I haven't verified this, but I suspect that querystring.parse
uses the request
object encoding. This must be set using request.setEncoding
. The default encoding is null
(!). Therefore, could you try setting the encoding before passing the request object to node-openid and see if that helps?
I have
this.relyingParty = new openid.RelyingParty(
this.baseURL + "/verify", null, false, false, extensions);
and at some other place in the code I now do:
req.setEncoding('utf8');
this.relyingParty.verifyAssertion(req, function(error, result) {
onAuthentication(error, req, res, result);
});
But it still doesn't work
I reproduce what you describe. I suspect this to be a bug in node's hmac.update
, which does not seem to take encoding into account, but I haven't concluded yet.
There is no bug in hmac.update
, but the node.js documentation does not reflect that it can handle an encoding parameter. Passing this fixes the issue. Fixed in a19e73547b24148333142bc1af5aef302d8d69f1
When asking for a first name using "http://axschema.org/namePerson/first": "required" I get "Invalid Signature" back from _checkSignatureUsingAssociation. I'm using google as the OpenID provider, and the first name in the google profile is "Börje". "ö" as in ö using html entities :)
Changing the first name in google profiles to something with just A-Za-z I don't get the "Invalid Signature" error anymore.
Am I doing something wrong, or is this a bug in node-openid?