-
Notifications
You must be signed in to change notification settings - Fork 249
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base64::decode is too strict #5239
Labels
Comments
thanks for the report. The rhai base64 decoding supports multiple alphabets already, but it looks like it was not documented: #3885 |
6 tasks
I just looked into it, the base64 alphabet documentation was moved to the right place |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The
base64::decode
Rhai function is too strict and does not support decoding base64 strings that exclude padding characters and it does not support decoding base64 strings that were encoded using the URL-safe alphabet. Instead, we have to manually add the padding and convert all characters exclusive to URL-safe alphabet to the standard alphabet:We use the
base64::decode
function to decode JWT tokens (we can't use the router's built-in JWT decoding feature for...reasons) and these tokens always exclude padding and always use the URL-safe alphabet but they are not compatible with this decode method.More information about base64 alphabets and padding can be found here on this related Rust page: https://docs.rs/base64/latest/base64/
And Wikipedia's section for base64 on URL applications: https://en.wikipedia.org/wiki/Base64#URL_applications
To Reproduce
Steps to reproduce the behavior:
LSTCoXlGeBXCuMORSkHCgTzCpMKAw6jDkcOTw7t-IEDCrG7Dl8OyHn_DmTAdyZ0lw6zDksOHfwfCjA
Expected behavior
It decodes the base64 encoded string without error
Router:
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: