Add checksum checking when validating VendorChecksum API tokens.
Review Request #12663 — Created Oct. 3, 2022 and submitted — Latest diff uploaded
This change makes the
VendorChecksumTokenGenerator
check the token's checksum
when validating tokens. This makes the token validation more precise and is
useful for weeding out any false positives during secret scanning.This also fixes the character set that we're using for base62-encoding the
token checksums. The previous one had incorrectly swapped the placement of the
capital and lowercase characters in the set. Tokens that were generated using
the old character set are still considered valid.
Ran unit tests.