Double base64-url encoded claims #206

Closed
jricher opened this issue Sep 5, 2015 · 2 comments
Labels
core Related to (original UMA1) core spec scope; may use obsolete language V1.0.1


jricher commented Sep 5, 2015

In §3.6.2.1, the text states that the claim token parameter is:

claim information in the indicated format, base64url encoded

Why the encoding restriction? What of claims already base64url encoded like JWT? Do I need to turn my JWT from this:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzd
WIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4g
RG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E
2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

to this:

ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJN
klrcFhWQ0o5LmV5SnpkV0lpT2lJeE1qTTBOVFk
zT0Rrd0lpd2libUZ0WlNJNklrcHZhRzRnUkc5bElp
d2lZV1J0YVc0aU9uUnlkV1Y5LlRKVkE5NU9yTT
dFMmNCYWIzMFJNSHJIRGNFZnhqb1laZ2VGT
05GaDdIZ1E

before sending it in this field? This is not only wasteful in terms of processing and space overhead, but it's also counter to one of the major purposes of the JWT format: it can go in nearly any field without needing further encoding.

xmlgrrl added core Related to (original UMA1) core spec scope; may use obsolete language V1.0.1 and removed V1.0.1 labels Sep 5, 2015

xmlgrrl commented Sep 7, 2015

base64urlception! Oops. Yes, we meant "base64url encoded if it is not already so encoded". (We were thinking specifically of SAML when we added that.)

xmlgrrl added a commit that referenced this issue Sep 8, 2015

xmlgrrl commented Sep 8, 2015

In UMA ad hoc telecon 2015-09-08 (which had quorum), this was the discussion and conclusion:

"We have rough consensus that one base64url encoding is enough! Anyone who thought otherwise would need to go and fix their V1.0 implementation."

Let's keep the change and close the issue.

xmlgrrl closed this as completed Sep 8, 2015
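
An added example, not part of the original issue thread or the UMA specification: the resolved rule ("base64url encoded if it is not already so encoded") applied on the sending side, plus a receiver-side check that flags a doubly encoded JWT. The helper names, the SAML-like sample string used with it and the demo key are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import string

_B64URL = set(string.ascii_letters + string.digits + "-_")

def b64url_encode(data: bytes) -> str:
    """Unpadded base64url, the form JWS/JWT segments use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    # Python's decoder silently drops foreign characters (dots included), so check first.
    if not text or not set(text) <= _B64URL:
        raise ValueError("not base64url")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def is_compact_jwt(text: str) -> bool:
    """Three dot-separated segments whose first decodes to a JSON header with "alg"."""
    parts = text.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        b64url_decode(parts[1])
    except ValueError:
        return False
    return isinstance(header, dict) and "alg" in header

def encode_claim_token(claims: str) -> str:
    """Sender: encode once, and only if not already base64url encoded (hypothetical helper)."""
    return claims if is_compact_jwt(claims) else b64url_encode(claims.encode("utf-8"))

def classify_received(token: str) -> str:
    """Receiver: spot the double encoding a literal reading of the old text produces."""
    if is_compact_jwt(token):
        return "jwt"
    try:
        inner = b64url_decode(token).decode("ascii")
    except ValueError:
        return "invalid"
    return "double-encoded-jwt" if is_compact_jwt(inner) else "encoded-other"

def make_sample_jwt() -> str:
    """Constructed HS256 token with a constructed demo key; not the token from the issue."""
    parts = ({"alg": "HS256", "typ": "JWT"}, {"sub": "1234567890"})
    signing_input = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(b"constructed-demo-key", signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)
```

Running `classify_received` over stored claim tokens is one way to find V1.0 senders that still wrap JWTs a second time.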