Base64URL is a modification of the main Base64 standard, the purpose of which is the ability to use the encoding result as filename or URL address. The Base64URL is described in RFC 4648 § 5, where it is mentioned that the standard Base64 alphabet contains invalid characters for URLs and filenames.
The first problem is that the main standard uses “+” as the 62rd character and “=” as padding character. Both characters have a special meaning in the URI address: “+” is interpreted as space, while “=” is used to send data via query string as “key=value” pair. As you understand, using these symbols may lead to various errors.
The second problem — the main standard uses “/” as the 63rd character, which both for URL addresses and for file system locations, represents the directory separator. Therefore in this case errors are guaranteed.
To avoid the errors above, it was proposed to use a “safe alphabet” for URL addresses and filenames. Thus, the Base64URL was born. It uses the same algorithm as the main standard, but differs in the following:
- Replaces “+” by “-” (minus)
- Replaces “/” by “_” (underline)
- Does not require a padding character
- Forbids line separators
For example, the main standard will encode
PDw/Pz8+Pg== while Base64URL will convert it to
PDw_Pz8-Pg. As you can see, only special characters have been changed, while the letters and digits have remained intact.
If you want to see it in action, check the following tools:
This page would be incomplete without Base64URL characters table. So, meet it:
Given all of the above, a Base64URL value can be defined using the following regular expression:
I would also like to provide some additional links: