RFC4648 "The Base16, Base32, and Base64 Data Encodings"
defines web-safe base64 (and "normal" base64)
<http://tools.ietf.org/html/rfc4648#section-5>.
The spec suggests calling it "base64url".
The spec explicitly states that:
"in some circumstances, the use of padding ("=")
in base-encoded data is not required or used"
though it also says that a specification using Base64 needs
to explicitly state that padding is omitted in its circumstances.
It makes sense to omit the padding when using base64url,
as "=" isn't web-safe (it isn't an <unreserved> char).
Padding in base64 is pointless
so there is no technical problem in omitting it.
Not using "normal" base64 is a disadvantage,
but well worth it to avoid an unnecessary layer of escaping.
Various Base64 libraries support base64url and no padding
when called with appropriate flags.
--
James Manger
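
The unpadded base64url handling discussed in the message above, as an added example that is not part of the original post: a strict encoder/decoder pair using Python's standard `base64` module. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re
from urllib.parse import quote

# RFC 4648 section 5 alphabet only; "=" is deliberately not accepted.
_B64URL_RE = re.compile(r"[A-Za-z0-9_-]*")


def b64url_encode(data: bytes) -> str:
    """Encode as base64url and drop the trailing '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Strictly decode unpadded base64url.

    Rejects padding, characters from the "normal" base64 alphabet
    ('+' and '/'), and lengths that no byte string can produce.
    """
    if not _B64URL_RE.fullmatch(text):
        raise ValueError("not unpadded base64url")
    if len(text) % 4 == 1:
        raise ValueError("impossible length for base64 data")
    # The padding carries no information: it follows from the length.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def needs_escaping(text: str) -> bool:
    """True if the text changes when percent-encoded for use in a URL."""
    return quote(text, safe="") != text


if __name__ == "__main__":
    sample = b"\xfb\xff\xfe\x3e"  # constructed bytes that hit '+', '/' and '='
    normal = base64.b64encode(sample).decode("ascii")
    websafe = b64url_encode(sample)
    print(normal, "->", quote(normal, safe=""))    # needs a layer of escaping
    print(websafe, "->", quote(websafe, safe=""))  # passes through unchanged
    assert b64url_decode(websafe) == sample
```
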