Remove padding characters from random strings

[kuoruan]

• base64.RawURLEncoding added in go 1.15,
  can remove padding '=' characters from base64 strings

When I use gitea as a OIDC provider, I find the code generated by gitea is a base64 string contains =

P9BIOCLzf9pGeDgg6rc2HpLls5kehMVtWrxNfWUdho4=

Then the redirect query become

?code=P9BIOCLzf9pGeDgg6rc2HpLls5kehMVtWrxNfWUdho4%3D&state=MjVmMjhhODMtODA2Yy00

The = in code encoded to %3D and may cause some error. This commit removes the padding characters

[zeripath]

Do we need to make changes to tolerate the raw url encoding when it comes back to us?

[kuoruan]

Current project 's minimal support Golang version defined in go.mod is 1.14, so I updated the code to go 1.14 compatible.
Once the version update to 1.15, we can change to use raw url encoding.

[silverwind]

The = in code encoded to %3D and may cause some error.

It is the correct encoding and I'd say this is a client-side error generally. Still probably fine to trim off the base64 padding as it is optional. A test would be nice.

[silverwind]

On second thought, I think this function should not generate non-alphanumeric characters in first place as they all can cause issues in URLs. The RFC4648 base64 variant that golang uses can produce +, / and = characters.

I think we should just generate alphanumeric only, e.g. [a-zA-Z0-9] to avoid all such issues. See https://stackoverflow.com/questions/22892120 for some options on how to do it.

[lunny]

So how about to use base64.RawURLEncoding?

[zeripath]

So how about to use base64.RawURLEncoding?

#15536 (comment)

Current project 's minimal support Golang version defined in go.mod is 1.14, so I updated the code to go 1.14 compatible.
Once the version update to 1.15, we can change to use raw url encoding.

[silverwind]

Alternative, more extensive PR: #15741