avoid using URL encoding to generate keys (#6731)

2024-10-03 06:34:57 +00:00 · 2018-10-31 15:07:20 -07:00 · 2018-10-31 15:07:20 -07:00 · 89b14639a9
parent 3f744c0361
commit 89b14639a9
1 changed files with 2 additions and 1 deletions
--- a/pkg/auth/credentials.go
+++ b/pkg/auth/credentials.go
@ -21,6 +21,7 @@ import (
 	"crypto/subtle"
 	"encoding/base64"
 	"fmt"
+	"strings"
 	"time"

 	jwtgo "github.com/dgrijalva/jwt-go"
@ -131,7 +132,7 @@ func GetNewCredentialsWithMetadata(m map[string]interface{}, tokenSecret string)
 	if err != nil {
 		return cred, err
 	}
-	cred.SecretKey = string([]byte(base64.URLEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen])
+	cred.SecretKey = strings.Replace(string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen]), "/", "+", -1)
 	cred.Status = "enabled"

 	expiry, ok := m["exp"].(float64)