@serhiy-storchaka Thanks for this, can you link this PR to either the original issue or a new issue for tracking purposes.

But urlsafe_b64decode() does not have the validate parameter.

I wonder if for urlsafe_b64decode() it is okay to error out on bad characters as the function name is more clear that this is for a specific base64 alphabet?

But is not passing altchars to b64decode() also makes it clear that it uses a different alphabet?

@serhiy-storchaka Yes maybe you're right that using altchars is enough that users should be expecting the alphabet to completely shift. I did some poking around with libraries that use altchars with b64decode() and found comments that confirm your thinking. Maybe that's a vote for moving to always erroring in case a non-alphabet value is supplied?

If this is only for 3.15, then making validate=True by default will make the code more reliable by default.

Sorry to comment on a merged pull request but I'd rather ask the question here before opening an issue:

The altchars len validation moved from a simple assert to a ValueError. While I think it makes sense it's not being documented as being changed. Should it be ?
This also makes the check in the encode function to now behave differently (still the simple assert) which lacks consistency:

Does either of this concerns make sense ? If so I'll open a new issue.

feel free to open a new PR referencing the same issue for little cleanup followups like that. We don't need to document ValueError or document that one as that is a normal error response to an API not being used quite right.