From 47b20e634ee8cc5118f75d4543f58e3d2dec6fef Mon Sep 17 00:00:00 2001
From: abcang <abcang1015@gmail.com>
Date: Wed, 17 Jul 2024 03:36:36 +0900
Subject: [PATCH] Fix to encode/decode credential id as base64url (#631)

* Fix to encode/decode credential id as base64url

---------

Co-authored-by: Florent Morselli <florent.morselli@spomky-labs.com>
---
 src/webauthn/src/Credential.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/webauthn/src/Credential.php b/src/webauthn/src/Credential.php
index c53e85856..7b0e7b28b 100644
--- a/src/webauthn/src/Credential.php
+++ b/src/webauthn/src/Credential.php
@@ -5,6 +5,7 @@
 namespace Webauthn;
 
 use InvalidArgumentException;
+use ParagonIE\ConstantTime\Base64UrlSafe;
 
 /**
  * @see https://w3c.github.io/webappsec-credential-management/#credential
@@ -33,10 +34,10 @@ public function __construct(
                 'The property "$id" is deprecated and will be removed in 5.0.0. Please set null use "rawId" instead.'
             );
         } else {
-            $id = base64_encode($rawId);
+            $id = Base64UrlSafe::encodeUnpadded($rawId);
         }
         $this->id = $id;
-        $this->rawId = $rawId ?? base64_encode($id);
+        $this->rawId = $rawId ?? Base64UrlSafe::decodeNoPadding($id);
     }
 
     /**