'is base64 encoding url safe?
I'm using a node.bcrypt.js hash returning hex numbers in node.js for a password reset token.
user.reset_password_token = require('crypto').randomBytes(32).toString('hex'
);
Should I also base64 encode the token before I pass it around in urls (ie: link reset email)?
Is there any benefit to doing this?
I seem to recall base64 encoding can contain forward slashes which would mess up the path:
var token = user.reset_password_token;
//is there any benefit to doing base64 encoding?
var encoded_token = new Buffer(token).toString('base64');
var reset_link = 'http://example.com/reset/'+ encoded_token;
sendResetLink( reset_link );
Solution 1:[1]
Solution 2:[2]
I solved it using URLSafeBase64 nodejs LIB at https://www.npmjs.org/package/urlsafe-base64
var email =email_lines.join("\r\n").trim();
var base64EncodedEmail = URLSafeBase64.encode(new Buffer(email));
gmail.users.messages.send({userId:"me",
resource: {raw:base64EncodedEmail} }, callbackFn});
Solution 3:[3]
You don't need a third-party library for that. You can just use base64url encoding (starting from nodejs v14.18.0)
const encoded_token = Buffer.from(token).toString('base64url');
Solution 4:[4]
Another option is base64url library:
base64url("ladies and gentlemen we are floating in space");
// bGFkaWVzIGFuZCBnZW50bGVtZW4gd2UgYXJlIGZsb2F0aW5nIGluIHNwYWNl
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Gung Foo |
| Solution 2 | peterh |
| Solution 3 | |
| Solution 4 | Pavel Chuchuva |