Canonical SSO provider

Comment 3 for bug 991591

Thanks for your help with this, we've now been able to track down the problem in our base64 encoder. It wasn't padding messages with "="s, which is required when the input message isn't a multiple of 3.