<div dir="ltr">Hi everyone,<div><br clear="all"><div><div>I&#39;ve been experiencing some random issues when trying to decode the returned idToken from the /protocol/openid-connect/token call. </div><div><br></div><div>I&#39;ve found that sometimes the returned idToken is not a multiple of 4 and has no padding at the end of the payload section (where mappers are added). So the result is that I&#39;m losing the last 2 characters of the last mapper value.</div></div><div><br></div><div>This is one example of a failing token (payload only):</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">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</blockquote><div><br></div><div>787 chars (should be 788)</div><div><br></div><div>If you try to decode it, you&#39;ll get:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">{&quot;jti&quot;:&quot;85ce8eee-47f9-4393-878b-b24b504ab31f&quot;,&quot;exp&quot;:1462766723,&quot;nbf&quot;:0,&quot;iat&quot;:1462766423,&quot;iss&quot;:&quot;<a href="https://idm-s2.sb.dev.sbetenv.com/auth/realms/electricsheep">https://idm-s2.sb.dev.sbetenv.com/auth/realms/electricsheep</a>&quot;,&quot;aud&quot;:&quot;es&quot;,&quot;sub&quot;:&quot;03edc374-c820-4d1a-ba7f-3f479f8db2c8&quot;,&quot;typ&quot;:&quot;ID&quot;,&quot;azp&quot;:&quot;es&quot;,&quot;session_state&quot;:&quot;1cb4297f-8807-48ee-80a5-a12974a7a2bd&quot;,&quot;name&quot;:&quot;fname lname&quot;,&quot;custId&quot;:&quot;2567581&quot;,&quot;preferred_username&quot;:&quot;anthtest&quot;,&quot;given_name&quot;:&quot;fname&quot;,&quot;family_name&quot;:&quot;lname&quot;,&quot;email&quot;:&quot;<a 
href="mailto:noboday@sportsbet.com.au">noboday@sportsbet.com.au</a>&quot;,&quot;token&quot;:&quot;k8gsZ+9lWGeeEhomvwOhpY9myfywNB/BXMFYpDB1+e7GDBQkHuGPRb2G8N1b1Qw2rPwNV+oM2sQILUYWau/HqEgrVQXFxgPwgSUyzQKqhF2uoJ7rsLRdHW3kvQG/I1G5ZQmFygDMokcT</blockquote><div><br></div><div>Which is incomplete. The last two chars (which are <b>&quot;}</b>) are missing at the end.</div><div><br></div><div>So now, if I take the correct complete JSON and try to encode it using another library (such as the one used here: <a href="https://www.base64encode.org/">https://www.base64encode.org/</a>), I&#39;ll get:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">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<b>=</b></blockquote><div><br></div><div>(788 chars, which is ok)</div><div><br></div><div>Note the equal sign at the end.</div><div><br></div><div>I&#39;m wondering why Keycloak is not adding that padding. Is that a bug in the lib you are using to encode the payload?</div><div><br></div><div>For now, I&#39;m using a workaround that checks the length of the token and adds the missing padding when needed before trying to decode it.</div><div><br></div><div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span class="">while</span><span class=""> (payload.length() % </span><span class="">4</span><span class=""> != </span><span class="">0</span><span class="">) payload += </span><span class="">&quot;=&quot;</span><span class="">;</span></blockquote></div><div><br></div><div>That works but it is not ideal. </div><div><br></div><div><b>Should I create a bug on Keycloak&#39;s issue tracker?</b></div><div><br></div><div>Thanks in advance.</div><div><br></div><div>Regards, </div><div>Fab</div>-- <br><div class="gmail_signature"><div dir="ltr"><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#000000">Fabricio Milone</font></b></span></div><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><font color="#000000">Developer</font></span></div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#009900"><div><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><b><font color="#009900"><br></font></b></span></div>Shine Consulting </font></b></span><span style="font-size:12.8px;font-family:Verdana,Arial,Helvetica,sans-serif"><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">30/600 Bourke Street</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">Melbourne VIC 3000</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">T: 03 8488 9939</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)">M: 04 3200 4006</span></p><p style="font-size:13.3px;color:rgb(0,153,0);margin:0pt"><span style="color:rgb(0,0,0)"><br></span></p></span><span 
style="font-size:13.3px;font-family:Verdana,Arial,Helvetica,sans-serif"><span style="font-size:13.3px"><p style="margin:0pt"><a href="http://www.shinetech.com/" style="color:rgb(51,51,51)" target="_blank">www.shinetech.com</a><font color="#333333">  </font><i style="color:rgb(51,51,51)"><b>a</b></i><font color="#333333"> passion for excellence</font></p></span></span></div></div>
</div></div>
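<div>Added example, not part of the original message and not Keycloak's code: JWT segments are base64url-encoded with the trailing '=' characters omitted (RFC 7515, section 2), and <code>java.util.Base64.getUrlDecoder()</code> decodes that form without a padding loop. The class name, the claims and the placeholder header and signature are constructed for illustration.</div>

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class JwtPayloadDecode {

    /** Returns the JSON text of the payload (second) segment of a compact JWT. */
    static String decodePayload(String compactJwt) {
        String[] parts = compactJwt.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        // The URL decoder uses the '-' and '_' alphabet and does not require
        // '=' padding, so no length fix-up loop is needed.
        byte[] json = Base64.getUrlDecoder().decode(parts[1]);
        return new String(json, StandardCharsets.UTF_8);
    }

    /** Encodes text the way JWT segments are encoded: base64url, no padding. */
    static String b64url(String s) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed claims, 44 bytes long, so the unpadded segment is 59
        // characters (59 % 4 == 3), the same remainder as a 787-character payload.
        String claims = "{\"sub\":\"constructed-user\",\"custId\":\"123456\"}";
        String payload = b64url(claims);
        // Header and signature are placeholders; nothing here verifies a signature.
        String jwt = b64url("{\"alg\":\"RS256\"}") + "." + payload + ".c2ln";

        String decoded = decodePayload(jwt);
        System.out.println("payload length % 4 = " + payload.length() % 4);
        System.out.println(decoded);
        if (!decoded.equals(claims)) {
            throw new IllegalStateException("payload was truncated");
        }
        // Decoding only reads the claims. Verify the signature before trusting them.
    }
}
```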