From 367f8d1280ec8cbbde286c0e64430a925a5d44b3 Mon Sep 17 00:00:00 2001
From: Allan Zhang <6740989+allan2@users.noreply.github.com>
Date: Thu, 27 Nov 2025 16:40:03 -0500
Subject: [PATCH 1/2] fix: rename NOPAD to NO_PAD
base64 crate uses NO_PAD.
https://docs.rs/base64/0.22.1/base64/?search=no_pad
---
 Cargo.toml | 2 +-
 examples/web-server.rs | 2 +-
 src/base64.rs | 2 +-
 src/u2f/client/mod.rs | 12 ++++++------
 src/u2f/server/mod.rs | 10 +++++-----
 src/webauthn/authenticator/mod.rs | 26 +++++++++++++-------------
 src/webauthn/authenticator/native.rs | 8 ++++----
 src/webauthn/proto/raw_message.rs | 4 ++--
 src/webauthn/server/mod.rs | 4 ++--
 9 files changed, 35 insertions(+), 35 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 4beb458..51b4d76 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "slauth"
-version = "0.7.19"
+version = "0.8.0"
 authors = [
 "richer ",
 "LucFauvel ",
diff --git a/examples/web-server.rs b/examples/web-server.rs
index ab47d71..ddfcccf 100644
--- a/examples/web-server.rs
+++ b/examples/web-server.rs
@@ -216,5 +216,5 @@ pub fn gen_challenge(len: usize) -> String {
 let value = (0..len)
 .map(|_| charset.chars().choose(&mut rng).unwrap() as u8)
 .collect::>();
- BASE64_URLSAFE_NOPAD.encode(value.as_slice())
+ BASE64_URLSAFE_NO_PAD.encode(value.as_slice())
 }
diff --git a/src/base64.rs b/src/base64.rs
index 93deff4..bb49f99 100644
--- a/src/base64.rs
+++ b/src/base64.rs
@@ -15,4 +15,4 @@ const CONFIG_NO_PAD: GeneralPurposeConfig = GeneralPurposeConfig::new()
 .with_decode_allow_trailing_bits(true);
 pub const BASE64: GeneralPurpose = GeneralPurpose::new(&alphabet::STANDARD, CONFIG);
-pub const BASE64_URLSAFE_NOPAD: GeneralPurpose = GeneralPurpose::new(&alphabet::URL_SAFE, CONFIG_NO_PAD);
+pub const BASE64_URLSAFE_NO_PAD: GeneralPurpose = GeneralPurpose::new(&alphabet::URL_SAFE, CONFIG_NO_PAD);
diff --git a/src/u2f/client/mod.rs b/src/u2f/client/mod.rs
index d5dd2ef..98d2c7e 100644
--- a/src/u2f/client/mod.rs
+++ b/src/u2f/client/mod.rs
@@ -97,8 +97,8 @@ pub mod client {
 Ok((
 Response::Register(U2fRegisterResponse {
 version: U2F_V2_VERSION_STR.to_string(),
- client_data: BASE64_URLSAFE_NOPAD.encode(&client_data_str),
- registration_data: BASE64_URLSAFE_NOPAD.encode(&raw_rsp_byte),
+ client_data: BASE64_URLSAFE_NO_PAD.encode(&client_data_str),
+ registration_data: BASE64_URLSAFE_NO_PAD.encode(&raw_rsp_byte),
 }),
 signing_key,
 ))
@@ -167,8 +167,8 @@ pub mod client {
 Ok(Response::Sign(U2fSignResponse {
 key_handle: signing_key.key_handle.clone(),
- signature_data: BASE64_URLSAFE_NOPAD.encode(&raw_rsp_byte),
- client_data: BASE64_URLSAFE_NOPAD.encode(&client_data_str),
+ signature_data: BASE64_URLSAFE_NO_PAD.encode(&raw_rsp_byte),
+ client_data: BASE64_URLSAFE_NO_PAD.encode(&client_data_str),
 }))
 }
 }
@@ -393,7 +393,7 @@ pub mod client {
 pub unsafe extern "C" fn signing_key_to_string(s: *mut SigningKey) -> *mut c_char {
 let SigningKey { key_handle, private_key } = &*s;
- strings::string_to_c_char(format!("{}.{}", key_handle, BASE64_URLSAFE_NOPAD.encode(private_key)))
+ strings::string_to_c_char(format!("{}.{}", key_handle, BASE64_URLSAFE_NO_PAD.encode(private_key)))
 }
 #[no_mangle]
@@ -409,7 +409,7 @@ pub mod client {
 let mut parts = s.split('.');
 let l = parts.next().and_then(|key_handle| parts.next().map(|b64| (key_handle, b64)));
- l.and_then(|(k, b64)| BASE64_URLSAFE_NOPAD.decode(b64).ok().map(|b64_v| (k.to_string(), b64_v)))
+ l.and_then(|(k, b64)| BASE64_URLSAFE_NO_PAD.decode(b64).ok().map(|b64_v| (k.to_string(), b64_v)))
 })
 .map(|(key_handle, key)| {
 Box::into_raw(Box::new(SigningKey {
diff --git a/src/u2f/server/mod.rs b/src/u2f/server/mod.rs
index 65210c3..66a8319 100644
--- a/src/u2f/server/mod.rs
+++ b/src/u2f/server/mod.rs
@@ -75,7 +75,7 @@ impl U2fRequestBuilder {
 registered_keys,
 } = self;
- let challenge = BASE64_URLSAFE_NOPAD.encode(
+ let challenge = BASE64_URLSAFE_NO_PAD.encode(
 challenge
 .as_ref()
 .ok_or_else(|| Error::Other("Unable to build a U2F request without a challenge".to_string()))?,
@@ -153,13 +153,13 @@ impl U2fRegisterResponse {
 }
 // Validate that input is consistent with what's expected
- let registration_data_bytes = BASE64_URLSAFE_NOPAD
+ let registration_data_bytes = BASE64_URLSAFE_NO_PAD
 .decode(registration_data)
 .map_err(|e| Error::Registration(e.to_string()))?;
 let raw_rsp = raw_message::apdu::Response::read_from(®istration_data_bytes)?;
 let raw_u2f_reg = raw_message::RegisterResponse::from_apdu(raw_rsp)?;
- let client_data_bytes = BASE64_URLSAFE_NOPAD
+ let client_data_bytes = BASE64_URLSAFE_NO_PAD
 .decode(client_data)
 .map_err(|e| Error::Registration(e.to_string()))?;
@@ -219,13 +219,13 @@ impl U2fSignResponse {
 ..
 } = &self;
- let signature_data_byte = BASE64_URLSAFE_NOPAD
+ let signature_data_byte = BASE64_URLSAFE_NO_PAD
 .decode(signature_data)
 .map_err(|e| Error::Registration(e.to_string()))?;
 let raw_rsp = raw_message::apdu::Response::read_from(&signature_data_byte)?;
 let raw_u2f_sign = raw_message::AuthenticateResponse::from_apdu(raw_rsp)?;
- let client_data_bytes = BASE64_URLSAFE_NOPAD
+ let client_data_bytes = BASE64_URLSAFE_NO_PAD
 .decode(client_data)
 .map_err(|e| Error::Registration(e.to_string()))?;
diff --git a/src/webauthn/authenticator/mod.rs b/src/webauthn/authenticator/mod.rs
index b16d962..4f04299 100644
--- a/src/webauthn/authenticator/mod.rs
+++ b/src/webauthn/authenticator/mod.rs
@@ -160,12 +160,12 @@ impl WebauthnAuthenticator {
 let challenge = match BASE64.decode(credential_creation_options.challenge.as_str()) {
 Ok(challenge) => challenge,
- Err(_) => BASE64_URLSAFE_NOPAD.decode(credential_creation_options.challenge)?,
+ Err(_) => BASE64_URLSAFE_NO_PAD.decode(credential_creation_options.challenge)?,
 };
 let collected_client_data = CollectedClientData {
 request_type: WEBAUTHN_REQUEST_TYPE_CREATE.to_owned(),
- challenge: BASE64_URLSAFE_NOPAD.encode(challenge),
+ challenge: BASE64_URLSAFE_NO_PAD.encode(challenge),
 origin: origin.as_ref().unwrap_or(rp_id).clone(),
 cross_origin: false,
 token_binding: None,
@@ -173,7 +173,7 @@ impl WebauthnAuthenticator {
 let auth_data = attestation_object.auth_data.clone();
 let credential = PublicKeyCredentialRaw {
- id: BASE64_URLSAFE_NOPAD.encode(credential_id.clone()),
+ id: BASE64_URLSAFE_NO_PAD.encode(credential_id.clone()),
 raw_id: credential_id,
 response: Some(AuthenticatorAttestationResponseRaw {
 attestation_object: Some(attestation_object.to_bytes()?),
@@ -322,10 +322,10 @@ impl WebauthnAuthenticator {
 let challenge = BASE64
 .decode(credential_request_options.challenge.as_str())
- .or(BASE64_URLSAFE_NOPAD.decode(credential_request_options.challenge))?;
+ .or(BASE64_URLSAFE_NO_PAD.decode(credential_request_options.challenge))?;
 let collected_client_data = CollectedClientData {
 request_type: WEBAUTHN_REQUEST_TYPE_GET.to_owned(),
- challenge: BASE64_URLSAFE_NOPAD.encode(challenge),
+ challenge: BASE64_URLSAFE_NO_PAD.encode(challenge),
 origin: origin.as_ref().unwrap_or(rp_id).clone(),
 cross_origin: false,
 token_binding: None,
@@ -338,7 +338,7 @@ impl WebauthnAuthenticator {
 let signature = Self::generate_signature(auth_data_bytes.as_slice(), hash.as_slice(), private_key)?;
 Ok(PublicKeyCredentialRaw {
- id: BASE64_URLSAFE_NOPAD.encode(credential_id.clone()),
+ id: BASE64_URLSAFE_NO_PAD.encode(credential_id.clone()),
 raw_id: credential_id,
 response: Some(AuthenticatorAttestationResponseRaw {
 attestation_object: None,
@@ -380,7 +380,7 @@ impl WebauthnAuthenticator {
 let private_key_response: PrivateKeyResponse = serde_cbor::from_slice(
 &BASE64
 .decode(private_key.as_str())
- .or(BASE64_URLSAFE_NOPAD.decode(private_key.as_str()))?,
+ .or(BASE64_URLSAFE_NO_PAD.decode(private_key.as_str()))?,
 )?;
 match private_key_response.key_alg {
@@ -410,7 +410,7 @@ impl WebauthnAuthenticator {
 let private_key_response: PrivateKeyResponse = serde_cbor::from_slice(
 &BASE64
 .decode(private_key.as_str())
- .or(BASE64_URLSAFE_NOPAD.decode(private_key.as_str()))?,
+ .or(BASE64_URLSAFE_NO_PAD.decode(private_key.as_str()))?,
 )?;
 match private_key_response.key_alg {
@@ -418,18 +418,18 @@ impl WebauthnAuthenticator {
 let key = ed25519_dalek::SigningKey::try_from(private_key_response.private_key.as_slice()).or(
 ed25519_dalek::SigningKey::from_pkcs8_der(private_key_response.private_key.as_slice()),
 )?;
- Ok(BASE64_URLSAFE_NOPAD.encode(key.to_pkcs8_der()?.as_bytes()))
+ Ok(BASE64_URLSAFE_NO_PAD.encode(key.to_pkcs8_der()?.as_bytes()))
 }
 CoseAlgorithmIdentifier::ES256 => {
 let key = p256::ecdsa::SigningKey::from_pkcs8_der(private_key_response.private_key.as_slice())
 .or(p256::ecdsa::SigningKey::try_from(private_key_response.private_key.as_slice()))?;
- Ok(BASE64_URLSAFE_NOPAD.encode(key.to_pkcs8_der()?.as_bytes()))
+ Ok(BASE64_URLSAFE_NO_PAD.encode(key.to_pkcs8_der()?.as_bytes()))
 }
 CoseAlgorithmIdentifier::RSA => {
 let key = rsa::RsaPrivateKey::from_pkcs1_der(&private_key_response.private_key)
 .or(rsa::RsaPrivateKey::from_pkcs8_der(&private_key_response.private_key))?;
 let signing_key = rsa::pkcs1v15::SigningKey::::new(key);
- Ok(BASE64_URLSAFE_NOPAD.encode(signing_key.to_pkcs8_der()?.as_bytes()))
+ Ok(BASE64_URLSAFE_NO_PAD.encode(signing_key.to_pkcs8_der()?.as_bytes()))
 }
 _ => Err(WebauthnCredentialRequestError::AlgorithmNotSupported),
 }
@@ -438,7 +438,7 @@ impl WebauthnAuthenticator {
 pub fn convert_pkcs8_der_to_custom_private_key(private_key: String) -> Result {
 let private_key_bytes = BASE64
 .decode(private_key.as_str())
- .or(BASE64_URLSAFE_NOPAD.decode(private_key.as_str()))?;
+ .or(BASE64_URLSAFE_NO_PAD.decode(private_key.as_str()))?;
 match PrivateKeyInfo::try_from(private_key_bytes.as_slice())?.algorithm.oid {
 OID_ED25519 => {
@@ -581,7 +581,7 @@ fn test_credential_generation() {
 rp_id: Some("localhost".to_owned()),
 allow_credentials: vec![PublicKeyCredentialDescriptor {
 cred_type: PublicKeyCredentialType::PublicKey,
- id: BASE64_URLSAFE_NOPAD.encode(&cred_uuid),
+ id: BASE64_URLSAFE_NO_PAD.encode(&cred_uuid),
 transports: None,
 }],
 extensions: Extensions::default(),
diff --git a/src/webauthn/authenticator/native.rs b/src/webauthn/authenticator/native.rs
index f27d0f0..881414b 100644
--- a/src/webauthn/authenticator/native.rs
+++ b/src/webauthn/authenticator/native.rs
@@ -294,11 +294,11 @@ pub mod android {
 authenticator_attachment: Some("cross-platform".to_owned()),
 client_extension_results: HashMap::new(),
 response: raw.response.map(|response| AuthenticatorAttestationResponse {
- attestation_object: response.attestation_object.map(|ad| BASE64_URLSAFE_NOPAD.encode(ad)),
+ attestation_object: response.attestation_object.map(|ad| BASE64_URLSAFE_NO_PAD.encode(ad)),
 client_data_json: BASE64.encode(&response.client_data_json),
- authenticator_data: response.authenticator_data.map(|ad| BASE64_URLSAFE_NOPAD.encode(ad)),
- signature: response.signature.map(|ad| BASE64_URLSAFE_NOPAD.encode(ad)),
- user_handle: response.user_handle.map(|ad| BASE64_URLSAFE_NOPAD.encode(ad)),
+ authenticator_data: response.authenticator_data.map(|ad| BASE64_URLSAFE_NO_PAD.encode(ad)),
+ signature: response.signature.map(|ad| BASE64_URLSAFE_NO_PAD.encode(ad)),
+ user_handle: response.user_handle.map(|ad| BASE64_URLSAFE_NO_PAD.encode(ad)),
 }),
 credential_type: Some("public-key".to_owned()),
 error: None,
diff --git a/src/webauthn/proto/raw_message.rs b/src/webauthn/proto/raw_message.rs
index e49a8ae..fd260ad 100644
--- a/src/webauthn/proto/raw_message.rs
+++ b/src/webauthn/proto/raw_message.rs
@@ -617,7 +617,7 @@ impl Display for Coordinates {
 _ => {}
 }
- write!(f, "{}", BASE64_URLSAFE_NOPAD.encode(&key))
+ write!(f, "{}", BASE64_URLSAFE_NO_PAD.encode(&key))
 }
 }
@@ -625,7 +625,7 @@ impl FromStr for Coordinates {
 type Err = Error;
 fn from_str(s: &str) -> Result {
- let key = BASE64_URLSAFE_NOPAD.decode(s).map_err(Error::Base64Error)?;
+ let key = BASE64_URLSAFE_NO_PAD.decode(s).map_err(Error::Base64Error)?;
 match key[0] {
 ECDSA_Y_PREFIX_UNCOMPRESSED => {
diff --git a/src/webauthn/server/mod.rs b/src/webauthn/server/mod.rs
index 1b777e9..8e8021c 100644
--- a/src/webauthn/server/mod.rs
+++ b/src/webauthn/server/mod.rs
@@ -438,7 +438,7 @@ impl CredentialRequestBuilder {
 pub fn prf_credential>>>(mut self, credential_id: Vec, first: Vec, second: T) -> Self {
 if let Some(prf) = self.prf.as_mut() {
- let encoded_credential_id = BASE64_URLSAFE_NOPAD.encode(credential_id);
+ let encoded_credential_id = BASE64_URLSAFE_NO_PAD.encode(credential_id);
 prf.eval_by_credential.insert(
 encoded_credential_id,
 AuthenticationExtensionsPRFValues {
@@ -470,7 +470,7 @@ impl CredentialRequestBuilder {
 let prf = self.prf.as_mut().expect("initialized above");
 for (credential_id, first, second) in credentials {
- let encoded_credential_id = BASE64_URLSAFE_NOPAD.encode(&credential_id);
+ let encoded_credential_id = BASE64_URLSAFE_NO_PAD.encode(&credential_id);
 prf.eval_by_credential
 .insert(encoded_credential_id, AuthenticationExtensionsPRFValues { first, second });
 }
From c37f28edd3c097b0c72c554bdad4cd75095461a2 Mon Sep 17 00:00:00 2001
From: Allan Zhang <6740989+allan2@users.noreply.github.com>
Date: Thu, 27 Nov 2025 16:43:24 -0500
Subject: [PATCH 2/2] fix: rename URLSAFE to URL_SAFE
---
 examples/web-server.rs | 2 +-
 src/base64.rs | 2 +-
 src/u2f/client/mod.rs | 12 ++++++------
 src/u2f/server/mod.rs | 10 +++++-----
 src/webauthn/authenticator/mod.rs | 26 +++++++++++++-------------
 src/webauthn/authenticator/native.rs | 8 ++++----
 src/webauthn/proto/raw_message.rs | 4 ++--
 src/webauthn/server/mod.rs | 4 ++--
 8 files changed, 34 insertions(+), 34 deletions(-)
diff --git a/examples/web-server.rs b/examples/web-server.rs
index ddfcccf..a6a0994 100644
--- a/examples/web-server.rs
+++ b/examples/web-server.rs
@@ -216,5 +216,5 @@ pub fn gen_challenge(len: usize) -> String {
 let value = (0..len)
 .map(|_| charset.chars().choose(&mut rng).unwrap() as u8)
 .collect::>();
- BASE64_URLSAFE_NO_PAD.encode(value.as_slice())
+ BASE64_URL_SAFE_NO_PAD.encode(value.as_slice())
 }
diff --git a/src/base64.rs b/src/base64.rs
index bb49f99..35e49d7 100644
--- a/src/base64.rs
+++ b/src/base64.rs
@@ -15,4 +15,4 @@ const CONFIG_NO_PAD: GeneralPurposeConfig = GeneralPurposeConfig::new()
 .with_decode_allow_trailing_bits(true);
 pub const BASE64: GeneralPurpose = GeneralPurpose::new(&alphabet::STANDARD, CONFIG);
-pub const BASE64_URLSAFE_NO_PAD: GeneralPurpose = GeneralPurpose::new(&alphabet::URL_SAFE, CONFIG_NO_PAD);
+pub const BASE64_URL_SAFE_NO_PAD: GeneralPurpose = GeneralPurpose::new(&alphabet::URL_SAFE, CONFIG_NO_PAD);
diff --git a/src/u2f/client/mod.rs b/src/u2f/client/mod.rs
index 98d2c7e..2819d0d 100644
--- a/src/u2f/client/mod.rs
+++ b/src/u2f/client/mod.rs
@@ -97,8 +97,8 @@ pub mod client {
 Ok((
 Response::Register(U2fRegisterResponse {
 version: U2F_V2_VERSION_STR.to_string(),
- client_data: BASE64_URLSAFE_NO_PAD.encode(&client_data_str),
- registration_data: BASE64_URLSAFE_NO_PAD.encode(&raw_rsp_byte),
+ client_data: BASE64_URL_SAFE_NO_PAD.encode(&client_data_str),
+ registration_data: BASE64_URL_SAFE_NO_PAD.encode(&raw_rsp_byte),
 }),
 signing_key,
 ))
@@ -167,8 +167,8 @@ pub mod client {
 Ok(Response::Sign(U2fSignResponse {
 key_handle: signing_key.key_handle.clone(),
- signature_data: BASE64_URLSAFE_NO_PAD.encode(&raw_rsp_byte),
- client_data: BASE64_URLSAFE_NO_PAD.encode(&client_data_str),
+ signature_data: BASE64_URL_SAFE_NO_PAD.encode(&raw_rsp_byte),
+ client_data: BASE64_URL_SAFE_NO_PAD.encode(&client_data_str),
 }))
 }
 }
@@ -393,7 +393,7 @@ pub mod client {
 pub unsafe extern "C" fn signing_key_to_string(s: *mut SigningKey) -> *mut c_char {
 let SigningKey { key_handle, private_key } = &*s;
- strings::string_to_c_char(format!("{}.{}", key_handle, BASE64_URLSAFE_NO_PAD.encode(private_key)))
+ strings::string_to_c_char(format!("{}.{}", key_handle, BASE64_URL_SAFE_NO_PAD.encode(private_key)))
 }
 #[no_mangle]
@@ -409,7 +409,7 @@ pub mod client {
 let mut parts = s.split('.');
 let l = parts.next().and_then(|key_handle| parts.next().map(|b64| (key_handle, b64)));
- l.and_then(|(k, b64)| BASE64_URLSAFE_NO_PAD.decode(b64).ok().map(|b64_v| (k.to_string(), b64_v)))
+ l.and_then(|(k, b64)| BASE64_URL_SAFE_NO_PAD.decode(b64).ok().map(|b64_v| (k.to_string(), b64_v)))
 })
 .map(|(key_handle, key)| {
 Box::into_raw(Box::new(SigningKey {
diff --git a/src/u2f/server/mod.rs b/src/u2f/server/mod.rs
index 66a8319..8255762 100644
--- a/src/u2f/server/mod.rs
+++ b/src/u2f/server/mod.rs
@@ -75,7 +75,7 @@ impl U2fRequestBuilder {
 registered_keys,
 } = self;
- let challenge = BASE64_URLSAFE_NO_PAD.encode(
+ let challenge = BASE64_URL_SAFE_NO_PAD.encode(
 challenge
 .as_ref()
 .ok_or_else(|| Error::Other("Unable to build a U2F request without a challenge".to_string()))?,
@@ -153,13 +153,13 @@ impl U2fRegisterResponse {
 }
 // Validate that input is consistent with what's expected
- let registration_data_bytes = BASE64_URLSAFE_NO_PAD
+ let registration_data_bytes = BASE64_URL_SAFE_NO_PAD
 .decode(registration_data)
 .map_err(|e| Error::Registration(e.to_string()))?;
 let raw_rsp = raw_message::apdu::Response::read_from(®istration_data_bytes)?;
 let raw_u2f_reg = raw_message::RegisterResponse::from_apdu(raw_rsp)?;
- let client_data_bytes = BASE64_URLSAFE_NO_PAD
+ let client_data_bytes = BASE64_URL_SAFE_NO_PAD
 .decode(client_data)
 .map_err(|e| Error::Registration(e.to_string()))?;
@@ -219,13 +219,13 @@ impl U2fSignResponse {
 ..
 } = &self;
- let signature_data_byte = BASE64_URLSAFE_NO_PAD
+ let signature_data_byte = BASE64_URL_SAFE_NO_PAD
 .decode(signature_data)
 .map_err(|e| Error::Registration(e.to_string()))?;
 let raw_rsp = raw_message::apdu::Response::read_from(&signature_data_byte)?;
 let raw_u2f_sign = raw_message::AuthenticateResponse::from_apdu(raw_rsp)?;
- let client_data_bytes = BASE64_URLSAFE_NO_PAD
+ let client_data_bytes = BASE64_URL_SAFE_NO_PAD
 .decode(client_data)
 .map_err(|e| Error::Registration(e.to_string()))?;
diff --git a/src/webauthn/authenticator/mod.rs b/src/webauthn/authenticator/mod.rs
index 4f04299..48ee00d 100644
--- a/src/webauthn/authenticator/mod.rs
+++ b/src/webauthn/authenticator/mod.rs
@@ -160,12 +160,12 @@ impl WebauthnAuthenticator {
 let challenge = match BASE64.decode(credential_creation_options.challenge.as_str()) {
 Ok(challenge) => challenge,
- Err(_) => BASE64_URLSAFE_NO_PAD.decode(credential_creation_options.challenge)?,
+ Err(_) => BASE64_URL_SAFE_NO_PAD.decode(credential_creation_options.challenge)?,
 };
 let collected_client_data = CollectedClientData {
 request_type: WEBAUTHN_REQUEST_TYPE_CREATE.to_owned(),
- challenge: BASE64_URLSAFE_NO_PAD.encode(challenge),
+ challenge: BASE64_URL_SAFE_NO_PAD.encode(challenge),
 origin: origin.as_ref().unwrap_or(rp_id).clone(),
 cross_origin: false,
 token_binding: None,
@@ -173,7 +173,7 @@ impl WebauthnAuthenticator {
 let auth_data = attestation_object.auth_data.clone();
 let credential = PublicKeyCredentialRaw {
- id: BASE64_URLSAFE_NO_PAD.encode(credential_id.clone()),
+ id: BASE64_URL_SAFE_NO_PAD.encode(credential_id.clone()),
 raw_id: credential_id,
 response: Some(AuthenticatorAttestationResponseRaw {
 attestation_object: Some(attestation_object.to_bytes()?),
@@ -322,10 +322,10 @@ impl WebauthnAuthenticator {
 let challenge = BASE64
 .decode(credential_request_options.challenge.as_str())
- .or(BASE64_URLSAFE_NO_PAD.decode(credential_request_options.challenge))?;
+ .or(BASE64_URL_SAFE_NO_PAD.decode(credential_request_options.challenge))?;
 let collected_client_data = CollectedClientData {
 request_type: WEBAUTHN_REQUEST_TYPE_GET.to_owned(),
- challenge: BASE64_URLSAFE_NO_PAD.encode(challenge),
+ challenge: BASE64_URL_SAFE_NO_PAD.encode(challenge),
 origin: origin.as_ref().unwrap_or(rp_id).clone(),
 cross_origin: false,
 token_binding: None,
@@ -338,7 +338,7 @@ impl WebauthnAuthenticator {
 let signature = Self::generate_signature(auth_data_bytes.as_slice(), hash.as_slice(), private_key)?;
 Ok(PublicKeyCredentialRaw {
- id: BASE64_URLSAFE_NO_PAD.encode(credential_id.clone()),
+ id: BASE64_URL_SAFE_NO_PAD.encode(credential_id.clone()),
 raw_id: credential_id,
 response: Some(AuthenticatorAttestationResponseRaw {
 attestation_object: None,
@@ -380,7 +380,7 @@ impl WebauthnAuthenticator {
 let private_key_response: PrivateKeyResponse = serde_cbor::from_slice(
 &BASE64
 .decode(private_key.as_str())
- .or(BASE64_URLSAFE_NO_PAD.decode(private_key.as_str()))?,
+ .or(BASE64_URL_SAFE_NO_PAD.decode(private_key.as_str()))?,
 )?;
 match private_key_response.key_alg {
@@ -410,7 +410,7 @@ impl WebauthnAuthenticator {
 let private_key_response: PrivateKeyResponse = serde_cbor::from_slice(
 &BASE64
 .decode(private_key.as_str())
- .or(BASE64_URLSAFE_NO_PAD.decode(private_key.as_str()))?,
+ .or(BASE64_URL_SAFE_NO_PAD.decode(private_key.as_str()))?,
 )?;
 match private_key_response.key_alg {
@@ -418,18 +418,18 @@ impl WebauthnAuthenticator {
 let key = ed25519_dalek::SigningKey::try_from(private_key_response.private_key.as_slice()).or(
 ed25519_dalek::SigningKey::from_pkcs8_der(private_key_response.private_key.as_slice()),
 )?;
- Ok(BASE64_URLSAFE_NO_PAD.encode(key.to_pkcs8_der()?.as_bytes()))
+ Ok(BASE64_URL_SAFE_NO_PAD.encode(key.to_pkcs8_der()?.as_bytes()))
 }
 CoseAlgorithmIdentifier::ES256 => {
 let key = p256::ecdsa::SigningKey::from_pkcs8_der(private_key_response.private_key.as_slice())
 .or(p256::ecdsa::SigningKey::try_from(private_key_response.private_key.as_slice()))?;
- Ok(BASE64_URLSAFE_NO_PAD.encode(key.to_pkcs8_der()?.as_bytes()))
+ Ok(BASE64_URL_SAFE_NO_PAD.encode(key.to_pkcs8_der()?.as_bytes()))
 }
 CoseAlgorithmIdentifier::RSA => {
 let key = rsa::RsaPrivateKey::from_pkcs1_der(&private_key_response.private_key)
 .or(rsa::RsaPrivateKey::from_pkcs8_der(&private_key_response.private_key))?;
 let signing_key = rsa::pkcs1v15::SigningKey::::new(key);
- Ok(BASE64_URLSAFE_NO_PAD.encode(signing_key.to_pkcs8_der()?.as_bytes()))
+ Ok(BASE64_URL_SAFE_NO_PAD.encode(signing_key.to_pkcs8_der()?.as_bytes()))
 }
 _ => Err(WebauthnCredentialRequestError::AlgorithmNotSupported),
 }
@@ -438,7 +438,7 @@ impl WebauthnAuthenticator {
 pub fn convert_pkcs8_der_to_custom_private_key(private_key: String) -> Result {
 let private_key_bytes = BASE64
 .decode(private_key.as_str())
- .or(BASE64_URLSAFE_NO_PAD.decode(private_key.as_str()))?;
+ .or(BASE64_URL_SAFE_NO_PAD.decode(private_key.as_str()))?;
 match PrivateKeyInfo::try_from(private_key_bytes.as_slice())?.algorithm.oid {
 OID_ED25519 => {
@@ -581,7 +581,7 @@ fn test_credential_generation() {
 rp_id: Some("localhost".to_owned()),
 allow_credentials: vec![PublicKeyCredentialDescriptor {
 cred_type: PublicKeyCredentialType::PublicKey,
- id: BASE64_URLSAFE_NO_PAD.encode(&cred_uuid),
+ id: BASE64_URL_SAFE_NO_PAD.encode(&cred_uuid),
 transports: None,
 }],
 extensions: Extensions::default(),
diff --git a/src/webauthn/authenticator/native.rs b/src/webauthn/authenticator/native.rs
index 881414b..9d8c19f 100644
--- a/src/webauthn/authenticator/native.rs
+++ b/src/webauthn/authenticator/native.rs
@@ -294,11 +294,11 @@ pub mod android {
 authenticator_attachment: Some("cross-platform".to_owned()),
 client_extension_results: HashMap::new(),
 response: raw.response.map(|response| AuthenticatorAttestationResponse {
- attestation_object: response.attestation_object.map(|ad| BASE64_URLSAFE_NO_PAD.encode(ad)),
+ attestation_object: response.attestation_object.map(|ad| BASE64_URL_SAFE_NO_PAD.encode(ad)),
 client_data_json: BASE64.encode(&response.client_data_json),
- authenticator_data: response.authenticator_data.map(|ad| BASE64_URLSAFE_NO_PAD.encode(ad)),
- signature: response.signature.map(|ad| BASE64_URLSAFE_NO_PAD.encode(ad)),
- user_handle: response.user_handle.map(|ad| BASE64_URLSAFE_NO_PAD.encode(ad)),
+ authenticator_data: response.authenticator_data.map(|ad| BASE64_URL_SAFE_NO_PAD.encode(ad)),
+ signature: response.signature.map(|ad| BASE64_URL_SAFE_NO_PAD.encode(ad)),
+ user_handle: response.user_handle.map(|ad| BASE64_URL_SAFE_NO_PAD.encode(ad)),
 }),
 credential_type: Some("public-key".to_owned()),
 error: None,
diff --git a/src/webauthn/proto/raw_message.rs b/src/webauthn/proto/raw_message.rs
index fd260ad..f04140a 100644
--- a/src/webauthn/proto/raw_message.rs
+++ b/src/webauthn/proto/raw_message.rs
@@ -617,7 +617,7 @@ impl Display for Coordinates {
 _ => {}
 }
- write!(f, "{}", BASE64_URLSAFE_NO_PAD.encode(&key))
+ write!(f, "{}", BASE64_URL_SAFE_NO_PAD.encode(&key))
 }
 }
@@ -625,7 +625,7 @@ impl FromStr for Coordinates {
 type Err = Error;
 fn from_str(s: &str) -> Result {
- let key = BASE64_URLSAFE_NO_PAD.decode(s).map_err(Error::Base64Error)?;
+ let key = BASE64_URL_SAFE_NO_PAD.decode(s).map_err(Error::Base64Error)?;
 match key[0] {
 ECDSA_Y_PREFIX_UNCOMPRESSED => {
diff --git a/src/webauthn/server/mod.rs b/src/webauthn/server/mod.rs
index 8e8021c..ff37a8a 100644
--- a/src/webauthn/server/mod.rs
+++ b/src/webauthn/server/mod.rs
@@ -438,7 +438,7 @@ impl CredentialRequestBuilder {
 pub fn prf_credential>>>(mut self, credential_id: Vec, first: Vec, second: T) -> Self {
 if let Some(prf) = self.prf.as_mut() {
- let encoded_credential_id = BASE64_URLSAFE_NO_PAD.encode(credential_id);
+ let encoded_credential_id = BASE64_URL_SAFE_NO_PAD.encode(credential_id);
 prf.eval_by_credential.insert(
 encoded_credential_id,
 AuthenticationExtensionsPRFValues {
@@ -470,7 +470,7 @@ impl CredentialRequestBuilder {
 let prf = self.prf.as_mut().expect("initialized above");
 for (credential_id, first, second) in credentials {
- let encoded_credential_id = BASE64_URLSAFE_NO_PAD.encode(&credential_id);
+ let encoded_credential_id = BASE64_URL_SAFE_NO_PAD.encode(&credential_id);
 prf.eval_by_credential
 .insert(encoded_credential_id, AuthenticationExtensionsPRFValues { first, second });
 }