havard / node-openid

OpenID for Node.js
MIT License

ö in firstname causes "Invalid Signature" #57

Closed Tobbe closed 12 years ago

Tobbe commented 12 years ago

When asking for a first name using "http://axschema.org/namePerson/first": "required" I get "Invalid Signature" back from _checkSignatureUsingAssociation. I'm using Google as the OpenID provider, and the first name in the Google profile is "Börje". "ö" as in &ouml; using HTML entities :)

Changing the first name in Google profiles to something with just A-Za-z I don't get the "Invalid Signature" error anymore.

Am I doing something wrong, or is this a bug in node-openid?

havard commented 12 years ago

Interesting. We read out parameters for the signature from the params object in line 1118 of openid.js. The params object contains all the query parameters (or POST parameters), and is always constructed using node's querystring.parse.

Now, I haven't verified this, but I suspect that querystring.parse uses the request object encoding. This must be set using request.setEncoding. The default encoding is null (!). Therefore, could you try setting the encoding before passing the request object to node-openid and see if that helps?

Tobbe commented 12 years ago

I have

this.relyingParty = new openid.RelyingParty(
    this.baseURL + "/verify", null, false, false, extensions);

and at some other place in the code I now do:

req.setEncoding('utf8');
this.relyingParty.verifyAssertion(req, function(error, result) {
    onAuthentication(error, req, res, result);
});

But it still doesn't work.

havard commented 12 years ago

I reproduce what you describe. I suspect this to be a bug in node's hmac.update, which does not seem to take encoding into account, but I haven't concluded yet.

havard commented 12 years ago

There is no bug in hmac.update, but the node.js documentation does not reflect that it can handle an encoding parameter. Passing this fixes the issue. Fixed in a19e73547b24148333142bc1af5aef302d8d69f1
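The failure mode discussed in this thread, as an added example (not code from node-openid or from the referenced commit): the same signed message yields a different HMAC when the string is converted to bytes with a one-byte-per-character encoding instead of UTF-8, but only once a non-ASCII character such as "ö" is present. The MAC key, the field names, the choice of HMAC-SHA256 and the use of 'latin1' as the stand-in for a non-UTF-8 conversion are assumptions made for this illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed sample data: this MAC key is made up for the example.
const MAC_KEY = Buffer.from('constructed-association-secret');

// OpenID 2.0 key-value form: one "key:value\n" line per signed field.
function keyValueForm(fields) {
  return Object.entries(fields).map(([k, v]) => `${k}:${v}\n`).join('');
}

// Sign the message; `encoding` decides how the string becomes bytes.
function sign(message, encoding) {
  return createHmac('sha256', MAC_KEY).update(message, encoding).digest('base64');
}

// Relying-party side: recompute the signature with `encoding` and
// compare it to the provider's value in constant time.
function verify(fields, providerSig, encoding) {
  const expected = Buffer.from(sign(keyValueForm(fields), encoding), 'base64');
  const received = Buffer.from(providerSig, 'base64');
  return expected.length === received.length && timingSafeEqual(expected, received);
}

// Simulate one assertion: the provider signs the UTF-8 bytes, then the
// relying party verifies twice, once per string-to-bytes conversion.
function demo(firstName) {
  const fields = {
    'op_endpoint': 'https://op.example/auth', // constructed value
    'ext1.value.firstname': firstName,        // constructed field name
  };
  const providerSig = sign(keyValueForm(fields), 'utf8');
  return {
    latin1: verify(fields, providerSig, 'latin1'), // "ö" -> 0xF6
    utf8: verify(fields, providerSig, 'utf8'),     // "ö" -> 0xC3 0xB6
  };
}

console.log('Tobbe:', demo('Tobbe')); // ASCII only: both conversions agree
console.log('Börje:', demo('Börje')); // non-ASCII: only UTF-8 verifies
```
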