Hi John
Thanks for the comments, what I'm curious about is not how to get a
generated (bearer) access token encoded with the encoded value having a
fewer number of characters but how to better support a security
requirement that it should be difficult for an attacker to reproduce a
given access token value...
So I've been wondering if the fact that Base64(URL) has a richer set of
characters than HEX makes it a better alternative...Not 100% sure how
important it can be...
Thanks, Sergey
On 07/04/15 14:09, John Bradley wrote:
Best would depend on what you are encoding. If the thing you are encoding is
mostly URL safe then using URL escaping might give you the smallest result.
If it is 8bit data then BASE64URL will give you a smaller result than HEX
encoding.
JWT use BASE64URL as a datapoint.
John B.
On Apr 7, 2015, at 3:58 AM, Sergey Beryozkin <sberyoz...@gmail.com> wrote:
Hi
Would it be correct to assume that the best method for encoding the
auto-generated bearer tokens is Base64URL ? I've spotted recently some of our
code uses the Hex encoding which I believe is inferior compared to Base64URL
given that the latter has a richer set of characters.
Is it a correct assumption ?
Thanks, Sergey
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
