base64UrlDecode.php
Table of Contents
Functions
- base64UrlDecode() : string|false
- Decodes a base64url-encoded string (RFC 4648 §5).
Functions
base64UrlDecode()
Decodes a base64url-encoded string (RFC 4648 §5).
base64UrlDecode(string $value) : string|false
The decoder is permissive on padding but strict on alphabet:
- Inputs in canonical URL-safe form (no trailing
=) are accepted. - Inputs that still carry the standard padding (
=,==) are also accepted, for interoperability with implementations that emit padded base64url. - Any character outside
[A-Za-z0-9_\-](or=only as trailing padding) causes the function to returnfalse. This includes+,/, whitespace, newlines, control characters and any non-ASCII byte.
The function is binary-safe: it operates on ASCII bytes regardless of the
current mbstring.func_overload setting or locale.
The function does not raise exceptions ; it mirrors the contract of
base64_decode() and returns false on any invalid input.
Note: when comparing a decoded value to a known secret (e.g. an HMAC tag), always use a constant-time comparison such as hash_equals() ; this function itself does not perform any cryptographic comparison.
Parameters
- $value : string
-
The base64url string to decode. May be empty.
Tags
Return values
string|false —The decoded raw bytes, or false if $value is not a
valid base64url string.