fix: SASL signature consists of the string representation of the payl…

…oad (#2529) `payload.value()` already returns the correct string representation
mongodb · Dec 10, 2020 · e7d2693 · e7d2693
1 parent cb9ee9e
commit e7d2693
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/src/cmap/auth/scram.ts b/src/cmap/auth/scram.ts
@@ -183,11 +183,9 @@ function continueScramConversation(
   const clientKey = HMAC(cryptoMethod, saltedPassword, 'Client Key');
   const serverKey = HMAC(cryptoMethod, saltedPassword, 'Server Key');
   const storedKey = H(cryptoMethod, clientKey);
-  const authMessage = [
-    clientFirstMessageBare(username, nonce),
-    payload.value().toString('base64'),
-    withoutProof
-  ].join(',');
+  const authMessage = [clientFirstMessageBare(username, nonce), payload.value(), withoutProof].join(
+    ','
+  );
 
   const clientSignature = HMAC(cryptoMethod, storedKey, authMessage);
   const clientProof = `p=${xor(clientKey, clientSignature)}`;