Replace jose with custom Base64UrlEncode

This drops the `jose` dependency in the main II codebase to instead use
the browser's `btoa` base64 support with a few tweaks to URL encode in a
JWT-friendly way.

package.json

@@ -66,7 +66,6 @@
     "buffer": "^6.0.3",
     "dompurify": "^3.0.6",
     "idb-keyval": "^6.2.1",
-    "jose": "^5.1.3",
     "lit-html": "^2.7.2",
     "marked": "^11.0.0",
     "process": "^0.11.10",

src/frontend/src/flows/verifiableCredentials/index.ts

@@ -17,7 +17,6 @@ import {
   ECDSAKeyIdentity,
 } from "@dfinity/identity";
 import { isNullish, nonNullish } from "@dfinity/utils";
-import { base64url } from "jose";
 import { abortedCredentials } from "./abortedCredentials";
 import { allowCredentials } from "./allowCredentials";
 import { VcVerifiablePresentation, vcProtocol } from "./postMessageInterface";
@@ -374,6 +373,18 @@ const authenticateForIssuer = async ({
   return { ok: DelegationIdentity.fromDelegation(tempIdentity, delegations) };
 };
 
+// Perform a "base64url" encoding, i.e. a URL-friendly variation of base64 encoding
+const base64UrlEncode = (x: unknown): string => {
+  const json = JSON.stringify(x);
+  // Pretend the json is binary and use btoa (binary-to-ascii as base64) to base64 encode
+  const b64 = btoa(json);
+  // make it URL friendly:
+  // '=': used as padding, just remove
+  // '/': Base64Url as per jwt.io's playgrond replaces it with '_'
+  // '+': Base64Url as per jwt.io's playgrond replaces it with '-'
+  return b64.replace(/=+$/, "").replace("/", "_").replace("+", "-");
+};
+
 // Create the final presentation (to be then returned to the RP)
 const createPresentation = ({
   issuerCanisterId,
@@ -399,8 +410,8 @@ const createPresentation = ({
     },
   };
 
-  const header = base64url.encode(JSON.stringify(headerObj));
-  const payload = base64url.encode(JSON.stringify(payloadObj));
+  const header = base64UrlEncode(headerObj);
+  const payload = base64UrlEncode(payloadObj);
 
   // NOTE: the JWT is not signed, as per the spec
   const signature = "";