Todd Nine (Migrated from SEC-1655) said:
Currently, the option to Base64 encode is hard coded. We use the PasswordEncoder not only for passwords, but for generating one time tokens as well. The encoding with "/" and "=" can be a bit frustrating when dealing with tokens and the web tier. It would be nice if we had the option to use our own Base64 encoder to allow us to always generate web compliant base64 .
Luke Taylor said:
I'd prefer to keep Base64 encoding as an internal implementation detail as it is now.This isn't really what the PasswordEncoder interface is intended for so I'd recommend you create your own token generator strategy interface.