[Microsoft Login Connector Core] BUG - Decoding Base64url
Forge component by Miguel Amado
Published on 03 Sep 2020


I was playing with this component and found out what seems to be a bug. Azure AD issues jwt tokens in base64url variant. If the token payload contains the 62nd or the 63rd encoding characters, the login won't work because it won't be possible to decode the base64 token. It throws an error stating the input base64 string contains invalid characters.

"The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. "

The solution seems pretty straightforward. In the extension MSLC_Core_StringUtils, the method Base64ToString needs to be updated. I managed to make it work by adding one extra step while normalizing the input:
ssBase64 = ssBase64.Replace("_", "/").Replace("-", "+");


Hi Ivo,

Thank you for bringing this to our attention. I will try to investigate and fix this as soon as possible but this will take some time since I'm currently really busy with some other projects. If you have a example for us that throws this error it will speed up the solution.



Hi Vincent,

I created some users in Azure AD having a tilde (~) in their name. If I try to login with those users I get the error I mentioned. Some examples:

  • João;
  • Simão;
  • Simões.


Rank: #133

Hi Ivo,

Thanks for pointing out that situation.

There is a new version of the component which includes this fix.


João Marques