Skip to content

make signatures URL safe? #175

Description

@garlick

While reviewing RFC 7515, whose "JWS Compact Serialization" inspired our signature format, I noted that their format is "URL safe" meaning the base64 strings are modified to avoid characters that are not allowed in a URL.

https://datatracker.ietf.org/doc/html/rfc7515#appendix-C

I wonder if our signature format, which is a series of base64 strings separated by periods, should also be made URL safe so that J could be submitted directly as a URL query parameter in a RESTful interface? The above reference gives an algorithm for transformation of base64 to/from "base64url".

AFAICT it should be possible for sign_unwrap() to support both base64 and base64url for a transition period.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions