Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:119252 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 60567 invoked from network); 10 Jan 2023 12:02:18 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 10 Jan 2023 12:02:18 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id A0AF5180538 for ; Tue, 10 Jan 2023 04:02:17 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-yw1-f182.google.com (mail-yw1-f182.google.com [209.85.128.182]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 10 Jan 2023 04:02:17 -0800 (PST) Received: by mail-yw1-f182.google.com with SMTP id 00721157ae682-4b6255ce5baso150267667b3.11 for ; Tue, 10 Jan 2023 04:02:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Sqss/sRMYCrsenu8KjDKrCHGK1F1w9Jww+adzRoZEZ8=; b=a9/FqkAJW/FFs6GZo8DIlfInfkXGqn0TLinDyPpL81HzjCyEQjJs4VR8Zt+3XCkvYx zj+3s8Wm3u4ZRq2F4NzxMir9qZyhh39dYeuK2pfDJplk+c9BorN8ig0HA9fracJ8no1V LLvIL00TwN4czlME//05+IbTJPRz1QKNqq8x+6gpV2IGDNqih1bjsm24Zf3GSYsIMZia yZPD2H5K/dXTS4LpkzmMUwceNhW/UwEbOrF1Y1x6/Q8xfZ9cWoN1flu22uKsVPNiF3e8 dMNBSCxs1yK+pKqBhwgzBb8ynKPNLDjnbcnnJTS5vIUc4QIYdCA7Pto7S6G0zB+8WsyB mvfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Sqss/sRMYCrsenu8KjDKrCHGK1F1w9Jww+adzRoZEZ8=; b=k+EXBxWNJYhGLi5kaY6ff9OnsplRH+mxrulQSb6j6BP3g6S+jSWEEYsWT1SoCDSq7j +1bBPbQkFmFQHgLbYMbpEYb/uubONduWlTQOrnlDGsS7nsJOcGq6FR/ixz4F/rZG32nT GlqchRFsZWhnIU3BR9uS4d0FhF80n49iu9dqhwRWRF7gZaLtrwzcSLdkMc8mVnE0omXj KhCFuip1custTv0m6ARpty3DePnN491Qi6VM13048qvSohh6ZSMaR5sEjStfeqF78P4g eK0U95yo2joTycXuN+gghSUMsH6xZp/0PSBFHHZwGH/vdUOfWB4N/r93hDPmvT2WK0gS PFZw== X-Gm-Message-State: AFqh2kr3vLl4NlyMdEFg0/RYMGcEOAIg2Q7UrCdAd0VixMeIfxyxG79o 5HEJxLTUPBKRw5RoHPDi07yw4bO62D7/dmrzJZM= X-Google-Smtp-Source: AMrXdXv2a54I3kLIs7mn5oSv9uEqMVeqtYMsmrXAp3CGP60BIrfm85IKh7nUAyMAq2bzHlw4A2D8Rx3llsBtnMwDPvc= X-Received: by 2002:a81:e56:0:b0:46d:f613:f2a6 with SMTP id 83-20020a810e56000000b0046df613f2a6mr1087352ywo.52.1673352135992; Tue, 10 Jan 2023 04:02:15 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Tue, 10 Jan 2023 13:01:40 +0100 Message-ID: To: David Gebler Cc: Derick Rethans , Sara Golemon , PHP internals Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] base64url format From: divinity76@gmail.com (Hans Henrik Bergan) how about base64_encode(string $string, int $flags = 0): string with $flags accepting BASE64_RFC4648 and BASE64_NO_PADDING or something to that effect? On Mon, 9 Jan 2023 at 22:56, David Gebler wrote: > > On Mon, Jan 9, 2023 at 9:42 PM Derick Rethans > wrote: > > > On 9 January 2023 18:49:28 GMT, Sara Golemon wrote: > > >I've been working with JWTs lately and that means working with Base64URL > > >format. (Ref: https://www.rfc-editor.org/rfc/rfc4648#section-5 ) > > >This is essentially the same thing as normal Base64, but instead of '+' > > and > > >'/', it uses '-' and '_', respectively. It also allows leaving off the > > >training '=' padding characters. > > > > > >So far, I've just been including polyfills like this: > > > > > >function base64url_decode(string $str): string { > > > return base64_decode(str_pad(strtr($str, '-_', '+/'), (4 - > > >(strlen($str) % 4)) % 4, '=')); > > >} > > > > > >function base64_encode(string $str): string { > > > return rtrim(strtr(base64_encode($str), '+/', '-_'), '='); > > >} > > > > > >These work fine, but they create a LOT of string copies along the way > > which > > >shouldn't be necessary. > > >Would anyone mind if skipped RFC and just added `base64url_encode()` and > > >`base64url_decode()` to PHP 8.3? > > > > Should these be new functions, or options to base64_encode instead? I'd > > guess base64_decode could just accept both? > > > I think from a UX/DX perspective, separate functions would be my > preference, base64_url_encode and base64_url_decode (extra underscore which > I feel is more consistent with PHP stock library). One consideration though > is that base64_urlencode or base64_url_encode are function names which are > likely already defined by a number of userland projects or libraries, since > it's a very common thing to do with the prevalence of JWTs, so if the RFC > process is being bypassed in this case, a new optional parameter to > base64_encode might be better. But I think it would be weird to have > base64_encode(bool $urlEncode = false) or something, which is presumably > what it would look like. > > Dare I float the suggestion of a Base64 class, making base64_encode and > base64_decode functions aliases for Base64::encode() and Base64::decode() > respectively, then new Base64::urlEncode() and urlDecode() methods?