Hey,
thanks for contributing!
You're right, the RFC suggests that the key the user supplies should be
interpreted as base64url and not base64. Since I'm not the first and
probably won't be the last to run into this mistake, I wonder if it
might be worth to be a bit more lenient and implement a simp
According to RFC 8555:
> The MAC key SHOULD be provided in base64url-encoded form...
However, currently we are only decoding the MAC key as base64.
This patch uses the correct function to decode the user-provided
MAC key as base64url format. This can fix authentication error
when a user uses comma
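
The difference between the two decodings discussed in this thread, as an added example that is not the project's code or part of either message: it compares plain base64 decoding of a base64url MAC key with a lenient decoder that accepts either alphabet. The names `naive_decode`, `decode_mac_key` and `mac` are hypothetical, the key and signing input are constructed, HMAC-SHA256 is assumed as the MAC algorithm, and the silent-discard behaviour shown is that of Python's `base64.b64decode`.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed 32-byte key; its first three bytes encode to "-__-" in base64url
# and "+//+" in standard base64, so the two alphabets visibly differ.
KEY = b"\xfb\xff\xfe" + b"constructed-demo-key-material"
KEY_B64URL = base64.urlsafe_b64encode(KEY).rstrip(b"=").decode()
KEY_B64 = base64.b64encode(KEY).decode()


def naive_decode(text):
    """Plain base64 decoding of the key (the approach the patch replaces)."""
    try:
        # Python's default (validate=False) silently drops '-' and '_'.
        return base64.b64decode(text + "=" * (-len(text) % 4))
    except binascii.Error:
        return None


def decode_mac_key(text):
    """Hypothetical lenient decoder: base64url or base64, padded or not."""
    s = text.strip().rstrip("=")
    if set(s) & set("-_") and set(s) & set("+/"):
        raise ValueError("MAC key mixes base64 and base64url alphabets")
    s = s.replace("-", "+").replace("_", "/")
    if not s or len(s) % 4 == 1:
        raise ValueError("MAC key has an impossible length")
    try:
        # validate=True rejects any character outside the alphabet.
        return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)
    except binascii.Error as exc:
        raise ValueError("MAC key is not valid base64url/base64") from exc


def mac(key, signing_input):
    """HMAC-SHA256 over a signing input (assumed MAC algorithm)."""
    return hmac.new(key, signing_input, hashlib.sha256).digest()


if __name__ == "__main__":
    msg = b"constructed.signing-input"
    wrong = naive_decode(KEY_B64URL)
    print("naive decode matches key:", wrong == KEY)
    print("lenient decode matches key:", decode_mac_key(KEY_B64URL) == KEY)
    print("MACs agree:", mac(wrong or b"", msg) == mac(KEY, msg))
```

A wrongly decoded key does not necessarily raise an error: it can decode to different bytes, and the failure then only shows up as a MAC mismatch on the server side.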