Hi,
using the base64url alphabet seems a reasonable choice.
kind regards,
Torsten.
Am 15.10.2014 22:12, schrieb Sergey Beryozkin:
Hi, in our project we ship a transformer implementation that assumes
that a code verifier represents a base64url encoded SHA-256 hash of
the code challenge
Cheers, Sergey
On 15/10/14 19:48, Chuck Mortimore wrote:
We're actually debating it internally. It seems easiest to just
encode
the binary code up front. Any issue with that?
- cmort
On Oct 15, 2014, at 8:32 AM, Nat Sakimura <[email protected]
<mailto:[email protected]>> wrote:
Thanks.
So, to be clear, are you base64url encoding when sending it over the
wire or is your code verifier is created by base64url encoding the
binary value so that you do not need to encode it when sending it
over?
=nat via iPhone
Oct 16, 2014 00:27、Chuck Mortimore <[email protected]
<mailto:[email protected]>> のメッセージ:
We went with base64url in our implementation
On Tue, Oct 14, 2014 at 2:26 AM, Nat Sakimura <[email protected]
<mailto:[email protected]>> wrote:
In his mail, Mike asked whether code verifier is
a value that is sendable without trnasformation
as a http parameter value, or if it needs to be
% encoded when it is being sent.
We have several options here:
1) Require that the code verifier to be a base64url encoded
string of a binary random value.
2) Let code verifier to be a binary string and require it to be
either % encoded or base64url encoded when it is sent.
In this case, which encoding should we use?
3) require the code verifier to be conform to the following
ABNF:
code_verifier = 16*128unreserved
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
Which one do you guys prefer?
Nat
--
Nat Sakimura ([email protected]
<mailto:[email protected]>)
Nomura Research Institute, Ltd.
PLEASE READ:
The information contained in this e-mail is confidential and
intended for the named recipient(s) only.
If you are not an intended recipient of this e-mail, you are
hereby notified that any review, dissemination, distribution or
duplication of this message is strictly prohibited. If you have
received this message in error, please notify the sender
immediately and delete your copy from your system.
_______________________________________________
OAuth mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
