You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While reviewing RFC 7515, whose "JWS Compact Serialization" inspired our signature format, I noted that their format is "URL safe" meaning the base64 strings are modified to avoid characters that are not allowed in a URL.
I wonder if our signature format, which is a series of base64 strings separated by periods, should also be made URL safe so that J could be submitted directly as a URL query parameter in a RESTful interface? The above reference gives an algorithm for transformation of base64 to/from "base64url".
AFAICT it should be possible for sign_unwrap() to support both base64 and base64url for a transition period.
The text was updated successfully, but these errors were encountered:
While reviewing RFC 7515, whose "JWS Compact Serialization" inspired our signature format, I noted that their format is "URL safe" meaning the base64 strings are modified to avoid characters that are not allowed in a URL.
https://datatracker.ietf.org/doc/html/rfc7515#appendix-C
I wonder if our signature format, which is a series of base64 strings separated by periods, should also be made URL safe so that J could be submitted directly as a URL query parameter in a RESTful interface? The above reference gives an algorithm for transformation of base64 to/from "base64url".
AFAICT it should be possible for
sign_unwrap()to support both base64 and base64url for a transition period.The text was updated successfully, but these errors were encountered: