element-hq · sandhose · Mar 25, 2025 · Mar 25, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/axum-utils/Cargo.toml b/crates/axum-utils/Cargo.toml
@@ -14,8 +14,8 @@ workspace = true
 [dependencies]
 axum.workspace = true
 axum-extra.workspace = true
+base64ct.workspace = true
 chrono.workspace = true
-data-encoding = "2.8.0"
 headers.workspace = true
 http.workspace = true
 icu_locid = "1.5.0"

diff --git a/crates/axum-utils/src/csrf.rs b/crates/axum-utils/src/csrf.rs
@@ -4,8 +4,8 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 // Please see LICENSE in the repository root for full details.
 
+use base64ct::{Base64UrlUnpadded, Encoding};
 use chrono::{DateTime, Duration, Utc};
-use data_encoding::{BASE64URL_NOPAD, DecodeError};
 use mas_storage::Clock;
 use rand::{Rng, RngCore, distributions::Standard, prelude::Distribution as _};
 use serde::{Deserialize, Serialize};
@@ -35,7 +35,7 @@ pub enum CsrfError {
 
     /// Failed to decode the token
     #[error("could not decode CSRF token")]
-    Decode(#[from] DecodeError),
+    Decode(#[from] base64ct::Error),
 }
 
 /// A CSRF token
@@ -68,7 +68,7 @@ impl CsrfToken {
     /// Get the value to include in HTML forms
     #[must_use]
     pub fn form_value(&self) -> String {
-        BASE64URL_NOPAD.encode(&self.token[..])
+        Base64UrlUnpadded::encode_string(&self.token[..])
     }
 
     /// Verifies that the value got from an HTML form matches this token
@@ -77,7 +77,7 @@ impl CsrfToken {
     ///
     /// Returns an error if the value in the form does not match this token
     pub fn verify_form_value(&self, form_value: &str) -> Result<(), CsrfError> {
-        let form_value = BASE64URL_NOPAD.decode(form_value.as_bytes())?;
+        let form_value = Base64UrlUnpadded::decode_vec(form_value)?;
         if self.token[..] == form_value {
             Ok(())
         } else {

diff --git a/crates/oauth2-types/Cargo.toml b/crates/oauth2-types/Cargo.toml
@@ -12,14 +12,14 @@ repository.workspace = true
 workspace = true
 
 [dependencies]
+base64ct.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 language-tags = { version = "0.3.2", features = ["serde"] }
 url.workspace = true
 serde_with = { version = "3.12.0", features = ["chrono"] }
 chrono.workspace = true
 sha2 = "0.10.8"
-data-encoding = "2.8.0"
 thiserror.workspace = true
 
 mas-iana.workspace = true

diff --git a/crates/oauth2-types/src/pkce.rs b/crates/oauth2-types/src/pkce.rs
@@ -10,7 +10,7 @@
 
 use std::borrow::Cow;
 
-use data_encoding::BASE64URL_NOPAD;
+use base64ct::{Base64UrlUnpadded, Encoding};
 use mas_iana::oauth::PkceCodeChallengeMethod;
 use serde::{Deserialize, Serialize};
 use sha2::{Digest, Sha256};
@@ -98,7 +98,7 @@ impl CodeChallengeMethodExt for PkceCodeChallengeMethod {
                 let mut hasher = Sha256::new();
                 hasher.update(verifier.as_bytes());
                 let hash = hasher.finalize();
-                let verifier = BASE64URL_NOPAD.encode(&hash);
+                let verifier = Base64UrlUnpadded::encode_string(&hash);
                 verifier.into()
             }
             _ => return Err(CodeChallengeError::UnknownChallengeMethod),