"Invalid length for a Base-64 char array or string" when decoding JWT.IO token

Question

I have a JWT token, and I'm trying to decode the payload. The string I'm trying to decode is:

eyJzdWIiOiIyMzEzOTE6MTAxMjpFQiBBZG1pbixFQiBDaGVjayBJbi9PdXQgUmVzb3VyY2VzLEVCIE1hc3RlciBBZG1pbiIsImV4cCI6IjE1NDUyNTc2MDkiLCJhdWQiOiI0OTk0QzgxMC02QUMyLTQ3NkYtQjUyQi04MjQ5NUUzRUNBNTgifQ

If I go to https://www.base64decode.org/ and plug in that string, it decodes just fine to:

{"sub":"231391:1012:EB Admin,EB Check In/Out Resources,EB Master Admin","exp":"1545257466","aud":"4994C810-6AC2-476F-B52B-82495E3ECA58"}

But with this:

byte[] dataPayload = Convert.FromBase64String(tokenPayload);

I get:

Invalid length for a Base-64 char array or string

Not sure what I am doing wrong.

EDIT:

This is the entire JWT, as delivered by JWT.IO (i added line breaks so it's easier to read)...

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. eyJzdWIiOiIyMzEzOTE6MTAxMjpFQiBBZG1pbixFQiBDaGVjayBJbi9PdXQgUmVzb3VyY2VzLEVCIE1hc3RlciBBZG1pbiIsImV4cCI6IjE1NDUyNTc4ODMiLCJhdWQiOiI0OTk0QzgxMC02QUMyLTQ3NkYtQjUyQi04MjQ5NUUzRUNBNTgifQ. 0oaXmDOlYdHSTLo7t7fFpHG2T0DMRpAoERxiM_Ur5O4

This same two line of code have been working fine:

string tokenPayload = _jwtData.WebToken.Split('.')[1];
byte[] dataPayload = Convert.FromBase64String(tokenPayload);

But for some reason that I don't understand, now I am getting this error.

Related: https://stackoverflow.com/questions/858761/what-causing-this-invalid-length-for-a-base-64-char-array/9301545#9301545 — James, Dec 19 '18 at 22:10
Hint: count the characters in your base64-encoded string. Some libraries are more forgiving than others. — Christopher Schultz, Dec 20 '18 at 04:52

score 1 · Answer 1 · answered Dec 19 '18 at 22:09

1

You are missing padding. Take a look at the following: https://en.wikipedia.org/wiki/Base64#Output_padding

So in your case, the correct JWT token is: eyJzdWIiOiIyMzEzOTE6MTAxMjpFQiBBZG1pbixFQiBDaGVjayBJbi9PdXQgUmVzb3VyY2VzLEVCIE1hc3RlciBBZG1pbiIsImV4cCI6IjE1NDUyNTc2MDkiLCJhdWQiOiI0OTk0QzgxMC02QUMyLTQ3NkYtQjUyQi04MjQ5NUUzRUNBNTgifQ==

answered Dec 19 '18 at 22:09

Klaud

96
4

Ok? what's odd is that this same line of code has worked before. It just all of a sudden stopped working. – Casey Crookston Dec 19 '18 at 22:10
@CaseyCrookston The string must have been different in the past. – mjwills Dec 19 '18 at 22:10
see edit to the OP – Casey Crookston Dec 19 '18 at 22:14
Test the string's length before you try to decode it. If it's off, add some padding. Whoever is building the JWT isn't doing the padding properly, it seems – Flydog57 Dec 19 '18 at 22:17

score 1 · Answer 2 · answered Dec 19 '18 at 22:29

1

Seems JWT.IO has their own method of decoding their own payload. This is the right way to do it:

string jwt = JWT.Decode("...token...", "...encoded Secret Key...", JwsAlgorithm.HS256);

Where JWT is Jose.JWT from their NuGet package.

answered Dec 19 '18 at 22:29

Casey Crookston

13,016
24
107
193

"Invalid length for a Base-64 char array or string" when decoding JWT.IO token

2 Answers2