Specify NUT-22 authA serialization #353

Merged

robwoodgate merged 2 commits from nut-22-autha into main

2026-03-21 08:01:48 +00:00

robwoodgate commented

2026-03-16 20:24:06 +00:00

(Migrated from github.com)

NUT-22 does not specify the base64 encoding variant to use.

CDK uses general_purpose::URL_SAFE, which requires base64 URL with padding .

This PR requires mints to support both padded and unpadded forms (as per https://github.com/cashubtc/nuts/pull/147).

Implementation

Cashu-TS: https://github.com/cashubtc/cashu-ts/pull/529 (sends padded)
CDK: https://github.com/cashubtc/cdk/issues/1740
Nutshell: https://github.com/cashubtc/nutshell/issues/919

NOTE: This was not an issue prior to keysets v2, as keyset v1 IDs (16 chars) produced serialized BAT JSON of exactly 174 bytes, and 174 % 3 = 0 — so base64 encoding never produced any padding before.

NUT-22 does not specify the base64 encoding variant to use. CDK uses [general_purpose::URL_SAFE](https://github.com/cashubtc/cdk/blob/8ed5c86625ef6e238692761c8a64231ebd560a57/crates/cashu/src/nuts/auth/nut22.rs#L244), which requires base64 URL _**with padding**_ . This PR requires mints to support both padded and unpadded forms (as per https://github.com/cashubtc/nuts/pull/147). # Implementation - [x] Cashu-TS: https://github.com/cashubtc/cashu-ts/pull/529 (sends padded) - [x] CDK: https://github.com/cashubtc/cdk/issues/1740 - [x] Nutshell: https://github.com/cashubtc/nutshell/issues/919 **NOTE:** This was not an issue prior to keysets v2, as keyset v1 IDs (16 chars) produced serialized BAT JSON of exactly 174 bytes, and 174 % 3 = 0 — so base64 encoding never produced any padding before.

thesimplekid commented

2026-03-18 10:01:11 +00:00

(Migrated from github.com)

@robwoodgate looks like what I told you was wrong. We did not restrict the spec for the normal tokens. So I think we should do the same here and cdk should be changed to be less restrictive.

https://github.com/cashubtc/nuts/pull/147

@robwoodgate looks like what I told you was wrong. We did not restrict the spec for the normal tokens. So I think we should do the same here and cdk should be changed to be less restrictive. https://github.com/cashubtc/nuts/pull/147

robwoodgate commented

2026-03-18 10:42:20 +00:00

(Migrated from github.com)

@robwoodgate looks like what I told you was wrong. We did not restrict the spec for the normal tokens. So I think we should do the same here and cdk should be changed to be less restrictive.

#147

@thesimplekid - that is even better. I've tweaked the spec to say mints MUST support both forms.

I'll leave Cashu-TS on padded, as that is backwards compatible with CDK <= 0.15.2

Please can you raise a ticket to sort CDK and pop it on this PR when ready.

> @robwoodgate looks like what I told you was wrong. We did not restrict the spec for the normal tokens. So I think we should do the same here and cdk should be changed to be less restrictive. > > #147 @thesimplekid - that is even better. I've tweaked the spec to say mints MUST support both forms. I'll leave Cashu-TS on padded, as that is backwards compatible with CDK <= 0.15.2 Please can you raise a ticket to sort CDK and pop it on this PR when ready.

👍 1

thesimplekid (Migrated from github.com) approved these changes

2026-03-18 12:52:09 +00:00