The problem relates to validating the token string when constructing a token
object when servicing a meta data request.
I've noticed the following:
At Crypto->hmacSha1Verify the expected value and the value embedded in the
token string are compared and must match.
In Shindig 1.1 I printed both values to the log and I saw this on one occasion:
// string(20)
"\x92\xbd\...@2hp\x9c\x03\xc0\xb5=\xa7p\xf0\xee\xe2`\x1f."\n //the value from
the token // string(20)
"\x92\xbd\...@2hp\x9c\x03\xc0\xb5=\xa7p\xf0\xee\xe2`\x1f."\n // generated by
running the hmac key value against the token string
Obviously these match.
In Shindig 2.1. I did the same:
//string(20) "DeULTTigi6ehBq4F1Bg7"\n //the value from the token
//string(20)
"\x0cE\x97\x1eI\xa7\x02\xb1(:\xb2\xd9\xbd\x9d\x98zP\xf26X"\n // generated by
running the hmac key value against the token string
The obvious thing is that the value extracted from the token, in
BasicBlobCrypter->unwrap is encoded differently. I can't work out if they are
the same with different encodings or not - but they are clearly not even close.
Any help much appreciated
Thanks
Justin Wyllie
