when http_build_query() wanted to support different encoding schemes, PHP_QUERY_RFC1738 and PHP_QUERY_RFC3986 was made, instead of creating http_build_query_rfc1738() and http_build_query_rfc3986() , hmm
On Mon, 9 Jan 2023 at 21:12, Tim Düsterhus <t...@bastelstu.be> wrote: > > Hi > > On 1/9/23 19:49, Sara Golemon wrote: > > I've been working with JWTs lately and that means working with Base64URL > > format. (Ref: https://www.rfc-editor.org/rfc/rfc4648#section-5 ) > > This is essentially the same thing as normal Base64, but instead of '+' and > > '/', it uses '-' and '_', respectively. It also allows leaving off the > > training '=' padding characters. > > > > With JWTs you likely also want a constant time encoder that is not > susceptible for cache-timing leaks [1]. For this reason > https://github.com/paragonie/constant_time_encoding is a most-have > dependency for my projects and I generally use the functions of that > library by default, unless there is a reason not to (high performance > required). That library also includes a b32 implementation that cmb wished. > > There's also > https://www.php.net/manual/en/function.sodium-bin2base64.php which is > constant-time and supports b64url, unfortunately it's not guaranteed to > be available. > > Best regards > Tim Düsterhus > > [1] It's likely more important for encrypted tokens, than only for > signed ones. > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php