when http_build_query() wanted to support different encoding schemes,
PHP_QUERY_RFC1738 and PHP_QUERY_RFC3986 was made, instead of creating
http_build_query_rfc1738() and http_build_query_rfc3986() , hmm

On Mon, 9 Jan 2023 at 21:12, Tim Düsterhus <t...@bastelstu.be> wrote:
>
> Hi
>
> On 1/9/23 19:49, Sara Golemon wrote:
> > I've been working with JWTs lately and that means working with Base64URL
> > format. (Ref: https://www.rfc-editor.org/rfc/rfc4648#section-5 )
> > This is essentially the same thing as normal Base64, but instead of '+' and
> > '/', it uses '-' and '_', respectively. It also allows leaving off the
> > training '=' padding characters.
> >
>
> With JWTs you likely also want a constant time encoder that is not
> susceptible for cache-timing leaks [1]. For this reason
> https://github.com/paragonie/constant_time_encoding is a most-have
> dependency for my projects and I generally use the functions of that
> library by default, unless there is a reason not to (high performance
> required). That library also includes a b32 implementation that cmb wished.
>
> There's also
> https://www.php.net/manual/en/function.sodium-bin2base64.php which is
> constant-time and supports b64url, unfortunately it's not guaranteed to
> be available.
>
> Best regards
> Tim Düsterhus
>
> [1] It's likely more important for encrypted tokens, than only for
> signed ones.
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Reply via email to