Jay Rossiter wrote: > The previous revision of the spec defined secret and verify_token as > 'bytes', and shouldn't be handled with any particular character encoding - > they are simply binary data, which the hub shouldn't be paying any attention > to the contents of.
The problem is that you're using URL query parameters and x-www-form- urlencoded POSTs which are typically used for transporting textual data (with a history of charset interop issues). Trying to transport binary data like that is just asking for trouble. Even the appspot reference hub has problems with non-ASCII data. If you want any chance of long-term interoperability, it would be best to define all of those fields (hub.verify_token, hub.secret, and hub.challenge) as printable ASCII only and be done with it. On that subject, I assume from the constant references to RFC3986 rather than RFC3987, that the protocol doesn't support IRIs. However, I think it would be worth clarifying that point up front, with instructions on how to convert IRIs to URIs (with a reference to RFC3987).
