[Bug] 'Illegal base64 character 2d' occurs when decoding token values in TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse for specific accounts #922

Open
proj2k opened this issue Mar 12, 2025 · 1 comment
Labels
Bug Something isn't working, needs an investigation and a fix P2 Normal priority items, should be done after P1

Comments

@proj2k

proj2k commented Mar 12, 2025

Library version used

1.19.1

Java version

1.8

Scenario

ConfidentialClient - web site (AcquireTokenByAuthCode)

Is this a new or an existing app?

None

Issue description and reproduction steps

While using msal4j OAuth authentication, for specific users, the error 'java.lang.IllegalArgumentException: Illegal base64 character 2d' occurred.
The error location is as follows:

class TokenRequestExecutor {
...
  private AuthenticationResult createAuthenticationResultFromOauthHttpResponse(HTTPResponse oauthHttpResponse) throws ParseException {
  ...
  idTokenJson = new String(Base64.getDecoder().decode(tokens.getIDTokenString().split("\\.")[1]), StandardCharsets.UTF_8);
  ...
  }
}

For your reference, this error does not occur in version 1.18.0 which uses Base64.getUrlEncoder().
Thank you

Relevant code snippets

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

@proj2k proj2k added needs attention Automatically used when an issue is created through an issue template untriaged Automatically used when an issue is created through an issue template labels Mar 12, 2025
@Avery-Dunn Avery-Dunn added Bug Something isn't working, needs an investigation and a fix P2 Normal priority items, should be done after P1 and removed needs attention Automatically used when an issue is created through an issue template untriaged Automatically used when an issue is created through an issue template labels Mar 12, 2025
@Avery-Dunn
Collaborator

Thanks for bringing this to our attention! Seems like the change was made in this PR: #894

Previously we parsed the ID token using the Base64.decodeToString method from nimbus-jose-jwt, and the naming/decompiled code suggests they only dealt with regular base64, but maybe the dependency was doing something extra to handle URL encoding: https://javadoc.io/doc/com.nimbusds/nimbus-jose-jwt/latest/com/nimbusds/jose/util/Base64.html

We'll have a fix using a URL decoder out in the next release. No ETA yet, but I'll update this thread with more info when we have it.
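
Added example, not part of the issue thread and not msal4j's code: JWT segments use the base64url alphabet, where '-' (0x2d) and '_' replace '+' and '/', so the standard decoder fails only for tokens whose payload happens to encode to one of those characters. The class name, helper names and sample claims below are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class IdTokenPayloadDecode {

    // Payload (second) segment of a compact JWT, decoded with the URL-safe
    // alphabet. Java's URL decoder also accepts the unpadded form JWTs use.
    static String decodePayloadUrlSafe(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Same segment through the standard-alphabet decoder, as in the reported line.
    static String decodePayloadStandard(String jwt) {
        String[] parts = jwt.split("\\.");
        return new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Build an unsigned, constructed token around the given claims JSON.
    static String sampleToken(String claimsJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8));
        String payload = enc.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        return header + "." + payload + ".c2ln"; // placeholder signature segment
    }

    public static void main(String[] args) {
        // Constructed claims: only the second encodes to a segment containing '-'.
        String[] samples = { "{\"name\":\"abc\"}", "{\"name\":\"ab>\"}" };
        for (String claims : samples) {
            String jwt = sampleToken(claims);
            System.out.println("payload segment: " + jwt.split("\\.")[1]);
            try {
                System.out.println("  standard decoder: " + decodePayloadStandard(jwt));
            } catch (IllegalArgumentException e) {
                System.out.println("  standard decoder failed: " + e.getMessage());
            }
            System.out.println("  URL-safe decoder: " + decodePayloadUrlSafe(jwt));
        }
    }
}
```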
