BlindSignAuth: Switch to Base64URL encoding for PrivacyPassTokenData outputs

PiperOrigin-RevId: 589802609

quiche/blind_sign_auth/blind_sign_auth.cc

diff --git a/quiche/blind_sign_auth/blind_sign_auth.cc b/quiche/blind_sign_auth/blind_sign_auth.cc
index 5224e0e..5d78a87 100644
--- a/quiche/blind_sign_auth/blind_sign_auth.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth.cc
@@ -522,9 +522,9 @@
 
     privacy::ppn::PrivacyPassTokenData privacy_pass_token_data;
     privacy_pass_token_data.mutable_token()->assign(
-        absl::Base64Escape(*marshaled_token));
+        absl::WebSafeBase64Escape(*marshaled_token));
     privacy_pass_token_data.mutable_encoded_extensions()->assign(
-        absl::Base64Escape(encoded_extensions));
+        absl::WebSafeBase64Escape(encoded_extensions));
     privacy_pass_token_data.set_use_case_override(use_case);
     tokens_vec.push_back(BlindSignToken{
         privacy_pass_token_data.SerializeAsString(), public_key_expiry_time});

quiche/blind_sign_auth/blind_sign_auth_test.cc

diff --git a/quiche/blind_sign_auth/blind_sign_auth_test.cc b/quiche/blind_sign_auth/blind_sign_auth_test.cc
index 51c3136..27883ce 100644
--- a/quiche/blind_sign_auth/blind_sign_auth_test.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth_test.cc
@@ -255,10 +255,10 @@
       ASSERT_TRUE(privacy_pass_token_data.ParseFromString(token.token));
       // Validate token structure.
       std::string decoded_token;
-      ASSERT_TRUE(absl::Base64Unescape(privacy_pass_token_data.token(),
-                                       &decoded_token));
+      ASSERT_TRUE(absl::WebSafeBase64Unescape(privacy_pass_token_data.token(),
+                                              &decoded_token));
       std::string decoded_extensions;
-      ASSERT_TRUE(absl::Base64Unescape(
+      ASSERT_TRUE(absl::WebSafeBase64Unescape(
           privacy_pass_token_data.encoded_extensions(), &decoded_extensions));
     }
   }