BlindSignAuth: Switch to Base64URL encoding for PrivacyPassTokenData outputs
PiperOrigin-RevId: 589802609
diff --git a/quiche/blind_sign_auth/blind_sign_auth.cc b/quiche/blind_sign_auth/blind_sign_auth.cc
index da6b074..fd397dc 100644
--- a/quiche/blind_sign_auth/blind_sign_auth.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth.cc
@@ -527,9 +527,9 @@
privacy::ppn::PrivacyPassTokenData privacy_pass_token_data;
privacy_pass_token_data.mutable_token()->assign(
- absl::Base64Escape(*marshaled_token));
+ absl::WebSafeBase64Escape(*marshaled_token));
privacy_pass_token_data.mutable_encoded_extensions()->assign(
- absl::Base64Escape(encoded_extensions));
+ absl::WebSafeBase64Escape(encoded_extensions));
privacy_pass_token_data.set_use_case_override(use_case);
tokens_vec.push_back(BlindSignToken{
privacy_pass_token_data.SerializeAsString(), public_key_expiry_time});
diff --git a/quiche/blind_sign_auth/blind_sign_auth_test.cc b/quiche/blind_sign_auth/blind_sign_auth_test.cc
index c1d84d9..e776f71 100644
--- a/quiche/blind_sign_auth/blind_sign_auth_test.cc
+++ b/quiche/blind_sign_auth/blind_sign_auth_test.cc
@@ -255,10 +255,10 @@
ASSERT_TRUE(privacy_pass_token_data.ParseFromString(token.token));
// Validate token structure.
std::string decoded_token;
- ASSERT_TRUE(absl::Base64Unescape(privacy_pass_token_data.token(),
- &decoded_token));
+ ASSERT_TRUE(absl::WebSafeBase64Unescape(privacy_pass_token_data.token(),
+ &decoded_token));
std::string decoded_extensions;
- ASSERT_TRUE(absl::Base64Unescape(
+ ASSERT_TRUE(absl::WebSafeBase64Unescape(
privacy_pass_token_data.encoded_extensions(), &decoded_extensions));
}
}