is base64 encoding url safe?

Question

I'm using a node.bcrypt.js hash returning hex numbers in node.js for a password reset token.

user.reset_password_token = require('crypto').randomBytes(32).toString('hex'
);

Should I also base64 encode the token before I pass it around in urls (ie: link reset email)?

Is there any benefit to doing this?

I seem to recall base64 encoding can contain forward slashes which would mess up the path:

   var token = user.reset_password_token;

   //is there any benefit to doing base64 encoding?
   var encoded_token = new Buffer(token).toString('base64');

   var reset_link = 'http://example.com/reset/'+ encoded_token;
   sendResetLink( reset_link );

Answer 1

You don't need a third-party library for that. You can just use base64url encoding (starting from nodejs v14.18.0)

const encoded_token = Buffer.from(token).toString('base64url');