rescrv/libmacaroons

Proposal: using URL and filename safe base64 encoder for serializing macaroons

Closed this issue · 3 comments

Hi,

the current serialization format of macaroons uses Base64, as described in RFC 1521.
When using macaroons as bearer tokens in HTTP requests (e.g. query params)
this may cause problems, because Base64 uses characters like + and / for encoding.

There is an alternative: RFC 4648 (Oct. 2006),
which describes Base 64 Encoding with URL and filename safe alphabet.
The changes in encoding are minimal: two alphabet characters changed and no padding is applied.
See also:
https://tools.ietf.org/html/rfc4648#section-5

What do you think about changing the serialization to base64url (the preferred name, as stated in the RFC)?

Regards
Martin

I've got no objection to such a change. @rogpeppe, any objection to making this change in your implementation?

In any case, I suspect some decoders may just work with both formats, so we may be OK to change no matter what.

I've gone ahead and implemented this in a backwards compatible way. New macaroons will be serialized in base64url, while the decoder can parse both old and new forms.

👍
Followed with latest jmacaroons code :-)
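
The backwards-compatible scheme described in this thread (serialize in base64url, parse both forms), shown as an added Python example; it is not code from libmacaroons or any implementation mentioned here. The function names, the constructed sample bytes, and the choice to reject tokens that mix both alphabets are assumptions of this example.

```python
import base64
import binascii
from urllib.parse import parse_qs

# Constructed sample bytes (not a real macaroon); the prefix forces '+' and '/'.
SAMPLE = b"\xfb\xff\xfe" + b"constructed macaroon bytes"
LEGACY = base64.b64encode(SAMPLE).decode("ascii")  # old form: '+', '/', '='


def encode_token(raw: bytes) -> str:
    """New form: base64url (RFC 4648 section 5) with the padding dropped."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_token(text: str) -> bytes:
    """Parse either form, padded or not; reject anything ambiguous."""
    body = text.strip().rstrip("=")
    chars = set(body)
    if chars & set("+/") and chars & set("-_"):
        raise ValueError("token mixes the two base64 alphabets")
    if len(body) % 4 == 1:
        raise ValueError("token is truncated")
    # Normalise the old alphabet to base64url, then restore the padding.
    body = body.replace("+", "-").replace("/", "_")
    padded = body + "=" * (-len(body) % 4)
    try:
        return base64.b64decode(padded, altchars=b"-_", validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc


def survives_query_string(token: str) -> bool:
    """True if the token comes back unchanged from an unescaped query param."""
    return parse_qs("macaroon=" + token).get("macaroon", [""])[0] == token


if __name__ == "__main__":
    new = encode_token(SAMPLE)
    print("legacy:", LEGACY, "survives:", survives_query_string(LEGACY))
    print("new:   ", new, "survives:", survives_query_string(new))
    print("both decode:", decode_token(LEGACY) == decode_token(new) == SAMPLE)
```

The legacy token fails the query-string round trip because form decoding turns `+` into a space, which would make signature verification fail on the receiving side.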