[Openid-specs-ab] Issue #1251: Reference JWS definition of base64url encoding (openid/connect)

gffletch issues-reply at bitbucket.org
Fri Jun 25 21:35:37 UTC 2021

New issue 1251: Reference JWS definition of base64url encoding


It turns out that RFC 4648 that defines the base64url character set does NOT require the omission of padding characters. According to that specification, padding character `=` is allowed. The JWS RFC 7515 does define and additional restriction to base64url encoding that requires that the padding character be omitted.

Recommending that we make an errata update to reference the JWS definition for base64url encoding within the core spec to be explicitly clear that all OIDC uses of base64url encoding are required to omit the padding characters.

More information about the Openid-specs-ab mailing list