Base64 padding

[emersion]

The salmon spec defines the base64url encoding as follows:

The encoding used to convert between the MIME type and the "data" string. In this specification, encoding MUST be the string "base64url", indicating the url safe base64 encoding as described in RFC 4648 [RFC4648], sans any trailing padding with equals (=) characters, and with the additional whitespace normalization rules specified in Section 5.1. All implementations MUST support this encoding. Appears exactly once.

Mastodon is sending base64 data with padding = characters, and it shouldn't. You can set the padding parameter to false to solve this.

The decode_base64 hack is related to this: https://github.com/tootsuite/ostatus2/blob/master/lib/ostatus2/magic_key.rb#L12

[ghost]

There was a later rev of magic-sig which stripped all the '=' from base64url and we had an issue with StatusNet at the time (I filed this same bug against StatusNet in 2010 iirc) which forced everybody to (potentially) send two salmons for each message as you couldn't be sure which would verify against which revision of the spec. I note that this later rev (and one following that with different namespaces and which was even messier to implement - potentially requiring you to send the same message 3 times) both sort of vanished from the "official" salmon repo. I'm taking that to indicate the later revs were dropped but somebody should ask John Panzer. I think most everybody that's still using XML on the federated web is using rev 01 of magicsig (the one which allows '=').

[dichro]

Is there a path forward on this? If I'm reading the code correctly, Mastodon won't interoperate with an implementation that doesn't include padding (eg, emersion's, which is the only credible attempt at an OStatus library in Go that I can find).