From 162dd87fc1eb1599a635de8d65db3833ee5deb05 Mon Sep 17 00:00:00 2001
From: Ulysse Carion
Date: Mon, 13 Jan 2025 14:50:34 -0800
Subject: [PATCH] lib/saml: fix base64 encoding of SAML assertions for users with non-ASCII names (#16)

This PR fixes `encodeAssertion` to use btoa correctly for SAML assertions that contain non-ASCII. Messages are first manually encoded into UTF-8, and the resulting data is coerced into a JS string that btoa will correctly encode. That intermediary string isn't entirely meaningful -- JS strings are UTF-16, not UTF-8 -- but I think this "hack" of sorts is tolerable given how fleeting its use is.
---
 src/lib/saml.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lib/saml.ts b/src/lib/saml.ts
index ffdbc5d..fcc168f 100644
--- a/src/lib/saml.ts
+++ b/src/lib/saml.ts
@@ -14,7 +14,9 @@ export async function encodeAssertion(
 key: CryptoKey,
 assertionData: AssertionData,
 ): Promise {
- return btoa(await signAssertion(key, assertionData));
+ // naively calling btoa does not correctly handle non-ASCII
+ const payload = await signAssertion(key, assertionData);
+ return btoa(String.fromCharCode(...new TextEncoder().encode(payload)));
 }

 async function signAssertion(
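Review bot: On the new `return` line, `String.fromCharCode(...new TextEncoder().encode(payload))` passes every byte of the signed assertion as a separate call argument, so a sufficiently large assertion can exceed the engine's argument limit and throw a `RangeError`, failing the sign-in instead of mis-encoding it. Converting in fixed-size chunks, as sketched below, produces the same output without depending on the payload size. The added comment would be more useful if it gave the reason: `btoa` throws on any code unit above 0xFF, so the payload is UTF-8 encoded first and each byte mapped to one character. Whether `signAssertion` computes the signature over those same UTF-8 bytes is not visible here, since its body lies outside the hunk (as does the first line of `encodeAssertion`'s signature); a regression test that decodes the output for a non-ASCII name would pin that down.

```typescript
const payload = await signAssertion(key, assertionData);
// btoa throws on code units above 0xFF: encode to UTF-8 and map each byte to
// one character, in chunks so the spread never reaches the argument limit.
const bytes = new TextEncoder().encode(payload);
let binary = "";
for (let i = 0; i < bytes.length; i += 0x8000) {
  binary += String.fromCharCode(...bytes.subarray(i, i + 0x8000));
}
return btoa(binary);
```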