SOLVED. It is fixed though I don't yet understand how/why:
In Shindig 1.1 I was building a token like this, with base64 encoding: $securityToken = BasicSecurityToken::createFromValues($owner, $viewer, 0,$domain , $url,0, 'container');$st = urlencode(base64_encode($securityToken->toSerialForm())) ; (Which is code I took from the Partuza sample site) Using this code with Shindig 2.0 throws the hmac error when it tries to build a token from a token string on the server. This works though (no encoding): $securityToken = BasicSecurityToken::createFromValues($owner, $viewer, 0,$domain , $url,0, 'container');$st = $securityToken->toSerialForm() ; //no encoding- but this breaks Shindig 1.1. Not sure yet why this is: the code which is checking for a valid token does not seem to have changed. So. I'll keep looking Justin Wyllie
