Skip to content

Update utils.go to fix the decoding process of the accessToken #111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
yuunaka1 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update utils.go to fix the decoding process of the accessToken #111

yuunaka1 wants to merge 1 commit into from

Conversation

@yuunaka1
Copy link

@yuunaka1 yuunaka1 commented Feb 5, 2025

The accessToken (JWS Payload) uses Base64URL encoding, not Base64 encoding. Therefore, the base64.RawURLEncoding function should be used for the decoding.
ref: https://datatracker.ietf.org/doc/html/rfc7515#section-7.1

@yuunaka1
Update utils.go
c0b58a0 
The body (JWS Payload) uses Base64URL encoding, not Base64 encoding. Therefore, the base64.RawURLEncoding function must be used for the decoding.
@github-actions
Copy link

github-actions bot commented Feb 5, 2025
edited
Loading

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@yuunaka1
Copy link
Author

yuunaka1 commented Feb 5, 2025

I have read the CLA Document and I hereby sign the CLA

@KinakoExE
Copy link

KinakoExE commented Aug 21, 2025

@mvlipka @ddlees
Hello, I encountered an AzureHound bug that throws the error:
illegal base64 data at input byte XXX.
This PR resolves the issue, so I would strongly recommend merging it.

Problem

Entra ID returns URL-safe base64-encoded JWTs. However, AzureHound attempts to decode them using the standard (non–URL-safe) base64 decoder. As a result, even valid access tokens can trigger a fatal error.

Here’s a real example I ran into:

$ ./azurehound list -t "$TENANT_ID" -j "$ACCESS_TOKEN" -o output.json -v 1
...
No configuration file located at /home/kali/.config/azurehound/config.json
2025-08-21T13:15:50+09:00 DBG testing connections
2025-08-21T13:15:50+09:00 DBG testing connections
2025-08-21T13:15:50+09:00 ERR encountered unrecoverable error error="failed to create new Azure client: illegal base64 data at input byte 634"

@n-etupirka n-etupirka mentioned this pull request Dec 26, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yuunaka1 @KinakoExE