On Wed, 2022-06-22 at 16:48 +0000, Eliot Kimber wrote:
I’m trying to replicate a call to a remote REST API that uses hmac encoding to construct an authentication string. I’m working from existing Python code that does the same thing.
What I’m seeing is that the crypto:hmac() function can return Base64 strings that include characters that must be escaped in URIs, i.e.:
mTA76dRZkiCf84WUKM/PWySydamj3dMZ6Tm26s9QGNI
(Note the “/”)
I think that / does not need to be escaped in a URI as otherwise things like amazon.com/freestuff/books wouldn't be allowed.
You do need to escape = however, as it is used to represent a space, and you MAY need to escape / depending on the receiving end.
replace($uri, '[+]', '%2B')
would presumably be sufficient for plus, and 2F for / if you need that escaped too.
liam