The incoming token is encoded using modified base64 encoding for URL, where
+/ is replaced with -_ to avoid percent-encoded hexadecimal representation.
See also:
http://en.wikipedia.org/wiki/Base64#URL_applications
See also:
http://php.net/manual/en/function.base64-encode.php#103849