
JWT access token decoding fails because Base64URL is treated as standard Base64 #160

@n-etupirka

Description

When AzureHound processes Entra ID access tokens (JWT), decoding may fail with a Base64-related error.
This issue appears to be caused by treating JWT segments as standard Base64 instead of Base64URL.

Reference: https://datatracker.ietf.org/doc/html/rfc7515#section-7.1

PS C:\tools\AzureHound_v2.8.2_windows_amd64> .\azurehound.exe list az-rm -j $arm --tenant $tenant
AzureHound v2.8.2
Created by the BloodHound Enterprise team - https://bloodhoundenterprise.io

No configuration file located at C:\Users\XXXXX\.config\azurehound\config.json
2025-12-26T11:18:16+09:00 ERR encountered unrecoverable error error="failed to create new Azure client: illegal base64 data at input byte XXX"

Steps to reproduce

Unfortunately, I was unable to intentionally reproduce a JWT access token that fails when decoded with standard Base64 but succeeds with Base64URL.

Expected behavior

The JWT access token should be decoded successfully without errors.

Fix

A Pull Request addressing this issue already exists. (#111)
I confirmed that applying the same patch to the latest source code successfully resolves the problem.
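The decoding rule behind this issue, as an added Go example (not AzureHound's code and not the #111 patch): RFC 7515 section 2 and 7.1 define JWS segments as base64url (RFC 4648 section 5) with padding omitted, so the correct decoder is `base64.RawURLEncoding`; a decoder built on the standard alphabet rejects any segment containing `-` or `_` with exactly the "illegal base64 data at input byte N" error quoted above. The two alphabets differ only at indices 62 and 63 (`+`/`/` versus `-`/`_`), and for an all-ASCII JSON payload index 62 or 63 can only arise from a byte such as `~`, `>` or `?` at an offset that is 2 mod 3 (non-ASCII claim values can produce it at any offset), which is why a randomly chosen token seldom triggers the bug. The token below is a constructed test vector with a placeholder signature, not a real Entra ID token; `parseClaims` decodes claims only and performs no signature verification, which callers must do separately.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// decodeSegment decodes one JWS segment. RFC 7515 specifies base64url with
// padding omitted, so RawURLEncoding is the right decoder; trailing '=' is
// tolerated for producers that pad anyway.
func decodeSegment(seg string) ([]byte, error) {
	return base64.RawURLEncoding.DecodeString(strings.TrimRight(seg, "="))
}

// decodeSegmentStdAlphabet mimics the defect described in the issue: it uses
// the standard alphabet ('+', '/'), so a segment containing '-' or '_' fails
// with "illegal base64 data at input byte N".
func decodeSegmentStdAlphabet(seg string) ([]byte, error) {
	return base64.RawStdEncoding.DecodeString(strings.TrimRight(seg, "="))
}

// parseClaims splits a compact JWS and returns its payload claims.
// It does NOT verify the signature; the caller must validate the token
// before trusting any claim returned here.
func parseClaims(token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("token is not a three-part compact JWS")
	}
	raw, err := decodeSegment(parts[1])
	if err != nil {
		return nil, fmt.Errorf("decoding payload segment: %w", err)
	}
	var claims map[string]any
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, fmt.Errorf("payload is not a JSON object: %w", err)
	}
	return claims, nil
}

// constructedToken builds a test vector whose payload segment contains '-'.
// Constructed for this example; the signature bytes are a placeholder.
func constructedToken() string {
	header := []byte(`{"alg":"RS256","typ":"JWT"}`)
	// '~' (0x7E) sits at byte offset 11 (offset 2 mod 3), so its low six
	// bits form alphabet index 62: '-' in base64url, '+' in standard base64.
	payload := []byte(`{"sub":"usr~1"}`)
	sig := []byte("placeholder-signature-bytes")
	enc := base64.RawURLEncoding.EncodeToString
	return enc(header) + "." + enc(payload) + "." + enc(sig)
}

func main() {
	tok := constructedToken()
	seg := strings.Split(tok, ".")[1]
	fmt.Println("payload segment:", seg)

	// The standard-alphabet decoder reproduces the error from the issue.
	if _, err := decodeSegmentStdAlphabet(seg); err != nil {
		fmt.Println("standard alphabet:", err)
	}

	// The RFC 7515 decoder succeeds.
	claims, err := parseClaims(tok)
	if err != nil {
		fmt.Println("base64url:", err)
		return
	}
	fmt.Println("base64url claims:", claims)
}
```

Run it to see the standard-alphabet decoder fail at the byte where `-` appears while the base64url decoder returns the claims; swapping the payload for one without `~`, `>`, `?` or non-ASCII bytes makes both decoders agree, which illustrates why the issue reporter could not reproduce the failure on demand.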

Metadata

Assignees

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests