base64url of certificate fingerprint contains padding
The Base64Url encoded certificate fingerprint used in the access token contains padding. This is not allowed according to: https://www.rfc-editor.org/rfc/rfc8705#section-3.1-2 which states: "The base64url-encoded value MUST omit all trailing pad '=' characters and MUST NOT include any line breaks, whitespace, or other additional characters."
See the patch below to fix this. Unfortunately I am not able to offer this as a PR due to lack of permissions.
---
fsc-inway-traefik-plugin/pkg/certutil/certutil.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fsc-inway-traefik-plugin/pkg/certutil/certutil.go b/fsc-inway-traefik-plugin/pkg/certutil/certutil.go
index d3941b8..4b2a9a3 100644
--- a/fsc-inway-traefik-plugin/pkg/certutil/certutil.go
+++ b/fsc-inway-traefik-plugin/pkg/certutil/certutil.go
@@ -14,7 +14,7 @@ import (
func CertificateFingerprint(cert *x509.Certificate) string {
fingerprint := sha256.Sum256(cert.Raw)
- return base64.URLEncoding.EncodeToString(fingerprint[:])
+ return base64.RawURLEncoding.EncodeToString(fingerprint[:])
}
// Based on tls.LoadX509KeyPair()
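Review bot: CertificateFingerprint has no doc comment or test that pins the unpadded output, so a later switch back to base64.URLEncoding on the return line would go unnoticed. A SHA-256 digest is 32 bytes, so the returned string should always be 43 characters with no '='; add a unit test asserting that, and a comment on the function citing RFC 8705 section 3.1. Also check every place that compares this return value against a stored or token-carried fingerprint: a padded 44-character value issued before this change will no longer compare equal to the new output.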
--
Edited by Pim Gaemers
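A strict check of the RFC 8705 rule quoted in the report, as an added example that is not part of the original post or the project's code. The function names `Thumbprint` and `CheckThumbprint` are hypothetical, and the byte string is a constructed stand-in for `cert.Raw`.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Thumbprint returns base64url(SHA-256(der)) without padding, the form
// RFC 8705 section 3.1 requires. Hypothetical helper, not the project's API.
func Thumbprint(der []byte) string {
	sum := sha256.Sum256(der)
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// CheckThumbprint validates a claimed fingerprint against the presented
// certificate bytes. Go's base64 decoder silently skips '\r' and '\n', so
// padding and whitespace are rejected explicitly before decoding.
func CheckThumbprint(claim string, der []byte) error {
	if strings.ContainsAny(claim, "= \t\r\n") {
		return errors.New("fingerprint contains padding or whitespace")
	}
	got, err := base64.RawURLEncoding.Strict().DecodeString(claim)
	if err != nil {
		return fmt.Errorf("fingerprint is not base64url: %w", err)
	}
	if len(got) != sha256.Size {
		return errors.New("fingerprint is not a SHA-256 digest")
	}
	want := sha256.Sum256(der)
	if subtle.ConstantTimeCompare(got, want[:]) != 1 {
		return errors.New("certificate does not match fingerprint")
	}
	return nil
}

func main() {
	der := []byte("constructed stand-in for cert.Raw") // constructed sample input
	sum := sha256.Sum256(der)
	padded := base64.URLEncoding.EncodeToString(sum[:]) // the pre-patch form
	fmt.Println("unpadded value:", Thumbprint(der))
	fmt.Println("unpadded check:", CheckThumbprint(Thumbprint(der), der))
	fmt.Println("padded check:  ", CheckThumbprint(padded, der))
}
```
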