In bug 1433372, we determined that we should percent encode Fernet tokens, because the padding characters (=) aren't considered URL safe by some RFCs.
We also fail some tempest tests because clients sometimes decode or encode responses [0]. We should just remove the padding, that way clients don't have to worry about it. When we go to validate a token, we can determine what the padding is based on the length of the token:
In bug 1433372, we determined that we should percent encode Fernet tokens, because the padding characters (=) aren't considered URL safe by some RFCs.
We also fail some tempest tests because clients sometimes decode or encode responses [0]. We should just remove the padding, that way clients don't have to worry about it. When we go to validate a token, we can determine what the padding is based on the length of the token:
missing_padding = 4 - len(token) % 4
if missing_padding:
token += b'=' * missing_padding
[0] http:// cdn.pasteraw. com/es3j52dpfge m4nom62e7vktk7g 5u2j1