fix: use URL-safe base64 encoding

ericnorris · ericnorris · commit 85b964a65b5e · 2026-02-04T13:56:51.000-05:00
Prior to this commit, this used standard encoding, which worked up until relatively recently. Now, unfortunately, using standard encoding appears to be unsupported: ``` error: unexpected status code from GitHub API (401): { "message": "Bad credentials", "documentation_url": "https://docs.github.com/rest", "status": "401" } ``` This is, in a sense, not surprising because JWTs are typically base64 URL-safe encoded. It's surprising that this worked before, however.
diff --git a/internal/jwt.go b/internal/jwt.go
@@ -50,7 +50,7 @@ func (s *payloadSigner) appendPayload(payload any) (string, error) {
 		return "", err
 	}
 
-	return jwtHeader + "." + base64.StdEncoding.EncodeToString(jsonPayload), nil
+	return jwtHeader + "." + base64.RawURLEncoding.EncodeToString(jsonPayload), nil
 }
 
 func (s *payloadSigner) appendSignature(hp string) (string, error) {
@@ -62,5 +62,5 @@ func (s *payloadSigner) appendSignature(hp string) (string, error) {
 		return "", err
 	}
 
-	return hp + "." + base64.StdEncoding.EncodeToString(signature), nil
+	return hp + "." + base64.RawURLEncoding.EncodeToString(signature), nil
 }

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ func (s *payloadSigner) appendPayload(payload any) (string, error) {`
`50`	`50`	`return "", err`
`51`	`51`	`}`
`52`	`52`
`53`		`- return jwtHeader + "." + base64.StdEncoding.EncodeToString(jsonPayload), nil`
	`53`	`+ return jwtHeader + "." + base64.RawURLEncoding.EncodeToString(jsonPayload), nil`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`func (s *payloadSigner) appendSignature(hp string) (string, error) {`
`@@ -62,5 +62,5 @@ func (s *payloadSigner) appendSignature(hp string) (string, error) {`
`62`	`62`	`return "", err`
`63`	`63`	`}`
`64`	`64`
`65`		`- return hp + "." + base64.StdEncoding.EncodeToString(signature), nil`
	`65`	`+ return hp + "." + base64.RawURLEncoding.EncodeToString(signature), nil`
`66`	`66`	`}`