Use paragonie's Base64UrlSafe encoding library

api/components/Tokens/Component.php

@@ -8,6 +8,7 @@ use Exception;
 use Lcobucci\JWT\Builder;
 use Lcobucci\JWT\Parser;
 use Lcobucci\JWT\Token;
+use ParagonIE\ConstantTime\Base64UrlSafe;
 use Webmozart\Assert\Assert;
 use yii\base\Component as BaseComponent;
 
@@ -96,15 +97,14 @@ class Component extends BaseComponent {
     public function encryptValue(string $rawValue): string {
         /** @noinspection PhpUnhandledExceptionInspection */
         $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
-        $cipher = $this->base64UrlEncode($nonce . sodium_crypto_secretbox($rawValue, $nonce, $this->encryptionKey));
+        $cipher = Base64UrlSafe::encodeUnpadded($nonce . sodium_crypto_secretbox($rawValue, $nonce, $this->encryptionKey));
         sodium_memzero($rawValue);
 
         return $cipher;
     }
 
     public function decryptValue(string $encryptedValue): string {
-        $decoded = $this->base64UrlDecode($encryptedValue);
-        Assert::true($decoded !== false, 'passed value has an invalid base64 encoding');
+        $decoded = Base64UrlSafe::decode($encryptedValue);
         Assert::true(mb_strlen($decoded, '8bit') >= (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES));
         $nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
         $cipherText = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');
@@ -139,12 +139,4 @@ class Component extends BaseComponent {
         return $value;
     }
 
-    private function base64UrlEncode(string $rawValue): string {
-        return rtrim(strtr(base64_encode($rawValue), '+/', '-_'), '=');
-    }
-
-    private function base64UrlDecode(string $encodedValue): string {
-        return base64_decode(str_pad(strtr($encodedValue, '-_', '+/'), strlen($encodedValue) % 4, '=', STR_PAD_RIGHT));
-    }
-
 }