From 722f811001a16d62e69af76de8a889e6eac4a48f Mon Sep 17 00:00:00 2001
From: Michael FIG
Date: Sun, 13 Sep 2020 16:37:17 -0600
Subject: [PATCH] fix: make generateAccessToken URL-safe by default
---
 packages/agoric-cli/lib/open.js | 9 +++++++--
 packages/cosmic-swingset/lib/ag-solo/access-token.js | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/packages/agoric-cli/lib/open.js b/packages/agoric-cli/lib/open.js
index 1ede58cc6e8..2f4572305df 100644
--- a/packages/agoric-cli/lib/open.js
+++ b/packages/agoric-cli/lib/open.js
@@ -5,15 +5,20 @@ import path from 'path';
 import { openSwingStore } from '@agoric/swing-store-simple';
-// From https://stackoverflow.com/a/43866992/14073862
+// Adapted from https://stackoverflow.com/a/43866992/14073862
 export function generateAccessToken({
- stringBase = 'base64',
+ stringBase = 'base64url',
 byteLength = 48,
 } = {}) {
 return new Promise((resolve, reject) =>
 crypto.randomBytes(byteLength, (err, buffer) => {
 if (err) {
 reject(err);
+ } else if (stringBase === 'base64url') {
+ // Convert to url-safe base64.
+ const base64 = buffer.toString('base64');
+ const base64url = base64.replace(/\+/g, '-').replace(/\//g, '_');
+ resolve(base64url);
 } else {
 resolve(buffer.toString(stringBase));
 }
diff --git a/packages/cosmic-swingset/lib/ag-solo/access-token.js b/packages/cosmic-swingset/lib/ag-solo/access-token.js
index 5d64de67d86..a712d1b8bae 100644
--- a/packages/cosmic-swingset/lib/ag-solo/access-token.js
+++ b/packages/cosmic-swingset/lib/ag-solo/access-token.js
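Review bot: The `base64url` branch swaps `+` and `/` but leaves `=` padding in place, so the token is only URL-safe when `byteLength` is a multiple of 3; the default of 48 produces no padding, but a caller passing, say, 32 would get a trailing `=`, which is reserved in URIs and needs percent-encoding. Stripping it in the same expression closes the gap: `const base64url = base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');`. The identical hunk in `packages/cosmic-swingset/lib/ag-solo/access-token.js` needs the same change, and since both files carry their own copy of this token generator, a shared helper would keep the two from drifting apart. The body of `generateAccessToken` continues past the end of the hunk.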
@@ -4,15 +4,20 @@ import path from 'path';
 import { openSwingStore } from '@agoric/swing-store-simple';
-// From https://stackoverflow.com/a/43866992/14073862
+// Adapted from https://stackoverflow.com/a/43866992/14073862
 export function generateAccessToken({
- stringBase = 'base64',
+ stringBase = 'base64url',
 byteLength = 48,
 } = {}) {
 return new Promise((resolve, reject) =>
 crypto.randomBytes(byteLength, (err, buffer) => {
 if (err) {
 reject(err);
+ } else if (stringBase === 'base64url') {
+ // Convert to url-safe base64.
+ const base64 = buffer.toString('base64');
+ const base64url = base64.replace(/\+/g, '-').replace(/\//g, '_');
+ resolve(base64url);
 } else {
 resolve(buffer.toString(stringBase));
 }