
Invalid characters in the decoded payload string



Hello everybody,
I have encountered a weird issue that only appears to happen rarely (I’ve only seen it twice), but IMO is disturbing enough to be reported anyway.

The problem is that on some rare occasions the Base64-encoded payload strings in JWT tokens issued by the Auth0 API contain garbage/invalid characters in the payload string (after Base64-decoding it), which in the cases I’ve seen made it just an invalid UTF-8 string, and therefore invalid JSON as well. The exact token I’ve inspected right now had a 0xff byte right in the middle of the gravatar URI.

For obvious reasons I won’t provide the problematic token here, but, just in case, I’ve saved it if anyone from the Auth0 team needs it to get more details/investigate the issue.


I have this issue too. Been getting it roughly 1 in 10 logins.
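
A way to pin down the kind of corruption described in this thread, as an added example that is not part of either post and is not Auth0 code: it decodes the payload segment strictly as unpadded base64url (the encoding RFC 7515 specifies for JWT segments) and reports the offset and value of the first byte that breaks UTF-8, so the defect can be reported without sharing the token. The token, claim name and URL are constructed, and `b64url_decode`, `inspect_payload` and `make_sample` are hypothetical helper names.

```python
import base64
import json

B64URL_ALPHABET = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
)

def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment, rejecting any foreign character."""
    bad = sorted(set(segment) - B64URL_ALPHABET)
    if bad:
        raise ValueError(f"non-base64url characters in segment: {bad!r}")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_payload(token: str) -> dict:
    """Describe the payload segment's validity without echoing its contents."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact token with three segments")
    raw = b64url_decode(parts[1])
    report = {"length": len(raw), "utf8_ok": True, "json_ok": False,
              "bad_offset": None, "bad_byte": None}
    try:
        text = raw.decode("utf-8")  # strict: raises on the first invalid byte
    except UnicodeDecodeError as err:
        report.update(utf8_ok=False, bad_offset=err.start,
                      bad_byte=hex(raw[err.start]))
        return report
    try:
        json.loads(text)
        report["json_ok"] = True
    except json.JSONDecodeError:
        pass
    return report

def make_sample(payload: bytes) -> str:
    """Build a constructed token; header and signature bytes are dummies."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")
    return ".".join([enc(b'{"alg":"RS256","typ":"JWT"}'), enc(payload), enc(b"sig")])

# Constructed payloads: one clean, one with a stray 0xff inside the picture URL.
PREFIX = b'{"picture":"https://example.invalid/avatar/'
GOOD = PREFIX + b'abc123"}'
BAD = PREFIX + b"abc\xff123\"}"

if __name__ == "__main__":
    for name, payload in (("good", GOOD), ("bad", BAD)):
        print(name, inspect_payload(make_sample(payload)))
```

Recording `bad_offset` and `bad_byte` across several failing logins shows whether the corruption always lands in the same claim or at the same position.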