Illegal base64 character 5f when decoding token with username with umlaut

Description

Calling Token.getClaims(“x.eyJzdWIiOiJmb2_DpCJ9.x“) should return this JSON:

Actual result:

Cause:

Correct code:

JWT uses base64url encoding and not base64 encoding that makes a difference for umlauts and other UTF8 characters:
https://www.rfc-editor.org/rfc/rfc7519 – JWT
https://www.rfc-editor.org/rfc/rfc4648#section-5 – base64url encoding and decoding
https://www.rfc-editor.org/rfc/rfc4648#section-4 – base64 encoding and decoding

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Linked issues

blocks

MODUSERBL-182

Users with non-ASCII characters in username are unable to login

relates to

OKAPI-1187

Illegal base64 character 5f on token with umlaut

FST-80

Illegal base64 character 5f on token with umlaut

MODUSERBL-208

Query fails on username with special characters (CQL and URL injection). (Query with username fails when username contains non-url-encoded characters)

Checklist

hide

Activity

Show:

Done

Details

Assignee

Julian Ladisch

Reporter

Julian Ladisch

Priority

TBD

Development Team

Core: Platform

Fix versions

2.14.2

2.15.2

RCA Group

Implementation coding issue

Affected releases

Quesnelia (R1 2024)

Poppy (R2 2023)

Orchid (R1 2023)

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created June 4, 2024 at 7:39 PM

Updated October 30, 2024 at 9:53 PM

Resolved June 5, 2024 at 10:37 PM

Configure

TestRail: Cases

TestRail: Runs