The thing is that =
is not really safe to use in URLs so you either need to encode it (additional hassle)
or leave it out (and make sure you don’t break decoding).
The RFC suggests that:
The pad character "=" is typically percent-encoded when used in an URI.
Hence I asked, in the pull request comment, if we should include =
too.
In some circumstances, the use of padding ("=") in base-encoded data is not required or used.
In the general case, when assumptions about the size of transported data cannot be made,
padding is required to yield correct decoded data.
In fact, as the Api Security in Action book tells us,
it’s common to exclude padding
because you often know the whole encoded value before the decoding process starts.
public class Base64Url {
// For more about padding and when it's needed see: https://stackoverflow.com/questions/4080988/why-does-base64-encoding-require-padding-if-the-input-length-is-not-divisible-by
private static final Base64.Encoder encoder = Base64.getUrlEncoder().withoutPadding();
private static final Base64.Decoder decoder = Base64.getUrlDecoder();
public static String encode(byte[] data) {
// Note that this uses ISO-8859-1 - should be safe since Base64 uses only ASCII characters anyway
return encoder.encodeToString(data);
}
public static byte[] decode(String encoded) {
return decoder.decode(encoded);
}
public static void main(String[] args) {
System.out.println("Default charset: " + Charset.defaultCharset());
System.out.println(encode("ahojľščáýíô".getBytes()));
System.out.println("decoded: " + new String(decode(encode("ahojľščáýíô".getBytes()))));
}
}