Base64 problem in jsSHA
jsSHA is a very nice library for the SHA family of security algorithms. I used it to calculate the HMAC-SHA1 hash needed for OAuth signatures.
But there’s a problem: For OAuth, you need to encode your signatures in base64. jsSHA supplies a method for this, which is nice, except that it “forgets” to pad the base64 string with “=” characters if needed. Without that padding, some signatures won’t work.
However, there’s an option in jsSHA that allows you to specify the padding character. By default it’s set to an empty string, which is equivalent to no padding at all. On line 36 of sha.js you’ll find this:
jsSHA.b64pad = ""; // base-64 pad character. "=" for strict RFC compliance
The comment already says what to do to achieve RFC and OAuth compliance.
