MetadataProvider and update

Tom Scavo trscavo at
Thu May 11 18:50:43 EDT 2017

On Thu, May 11, 2017 at 5:06 PM, Brent Putman <putmanb at> wrote:
> ... recently whilst re-reading the
> JOSE/JWT/OAuth2/OIDC specs, I was reminded of the alternate base64url
> encoding defined in RFC 4648 [1] that is used everywhere in those specs.  In
> the RFC it's explicitly mentioned as intended to be filesystem-safe as well
> as URL-safe (for the latter removing the need for a URL encoding).  That
> encoding replaces the pesky and problematic '/', and '+' characters with the
> more filename-friendly '-' and '_', and makes '=' padding optional (you can
> compute it based on the encoded length).  So it has occurred to me that
> base64url encoding for these filename cases might actually work fine. And
> it also makes the filenames reversible from the filename alone (as opposed
> to having to peek inside the XML and parse out the entityID).

Wow, that's very interesting. I wonder if there are tools that support
the base64url encoding? (The *nix base64 command doesn't seem to



More information about the users mailing list