
Unnecessary custom base64 implementation #5

Open
joonas-fi opened this issue Mar 3, 2021 · 2 comments

Comments

@joonas-fi

Go has RawStdEncoding which makes this unnecessary:

jwt/token.go, line 247 in 1639fcf:

func Base64Encode(src []byte) []byte {

Not trying to nitpick here; rather, I think security-wise it's dangerous as a concept to mutate untrusted input data before it's fed to a signature validation algorithm.
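An added example (not the kataras/jwt project's own code) of what the comment above suggests: the standard library's base64 encoder replaces a custom one, and the HMAC is checked over the token segments exactly as received, before any decoding or re-encoding of the untrusted input. It assumes standard JWS tokens, which use the padding-free base64url alphabet (so base64.RawURLEncoding rather than RawStdEncoding); Sign, Verify and the key are hypothetical names and constructed test data.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// JWS (RFC 7515) segments are base64url without padding: stdlib RawURLEncoding
// replaces a hand-written encoder, and Strict() rejects non-canonical trailing bits.
var enc = base64.RawURLEncoding.Strict()

// Sign builds header.payload.signature with HMAC-SHA256 (HS256).
func Sign(header, payload, key []byte) string {
	signingInput := enc.EncodeToString(header) + "." + enc.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + enc.EncodeToString(mac.Sum(nil))
}

// Verify authenticates the token and returns the decoded payload. The MAC is
// computed over the first two segments exactly as received: the untrusted bytes
// are never decoded, re-encoded or normalised before the comparison.
func Verify(token string, key []byte) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token: expected 3 segments")
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil {
		return nil, fmt.Errorf("signature segment: %w", err)
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(mac.Sum(nil), sig) { // constant-time comparison
		return nil, errors.New("signature mismatch")
	}
	return enc.DecodeString(parts[1]) // decode only after the MAC matches
}

func main() {
	key := []byte("constructed-demo-secret") // constructed test secret, not a real key
	tok := Sign([]byte(`{"alg":"HS256","typ":"JWT"}`), []byte(`{"sub":"alice"}`), key)
	claims, err := Verify(tok, key)
	fmt.Println(tok, string(claims), err)
}
```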

@joonas-fi (Author)

If you're open to more suggestions:

jwt/util.go, line 6 in 1639fcf:

func BytesToString(b []byte) string {

I think Go has recently done some optimizations where the compiler automatically optimizes these. I feel a bit unsafe with unsafe and doing special tricks in a security-critical library.

@kataras (Owner) commented Apr 9, 2022

Hello @joonas-fi,

BytesToString and Base64Encode are mostly helpers for users of this package. BytesToString is used just on a single return statement, inside the blockfile.go file; of course we can remove it from there if that's a "security" issue for you, I can live without it too. Base64Encode is used in "encodeToken" just to encode server-side data, the custom claims you/your program provides and NOT the user/client's one - I don't see any security-wise issue here but I am open for further discussion.
