fix: fix handling of b64 and b64url encoded access tokens (#767)

Author: porcellus

CHANGELOG.md

@@ -7,6 +7,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [unreleased]
 
+## [6.0.10] - 2023-08-16
+
+- Fixed an encoding/decoding issue for certain access token payloads
+
 ## [6.0.9] - 2023-08-14
 
 - Now using decimal notation to add numbers into the access token payload (instead of scientific notation) 

build.gradle

@@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
 //    }
 //}
 
-version = "6.0.9"
+version = "6.0.10"
 
 
 repositories {

src/main/java/io/supertokens/utils/Utils.java

@@ -77,8 +77,9 @@ public static String convertToBase64(String str) {
         return new String(Base64.getEncoder().encode(stringToBytes(str)), StandardCharsets.UTF_8);
     }
 
+    // This function deserializes both B64 and B64URL encodings
     public static String convertFromBase64(String str) {
-        return new String(Base64.getDecoder().decode(stringToBytes(str)), StandardCharsets.UTF_8);
+        return new String(Base64.getDecoder().decode(stringToBytes(str.replace("-", "+").replace("_", "/"))), StandardCharsets.UTF_8);
     }
 
     public static String throwableStacktraceToString(Throwable e) {

src/test/java/io/supertokens/test/session/AccessTokenTest.java

@@ -257,7 +257,8 @@ public void inputOutputTest() throws Exception {
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
         JsonObject jsonObj = new JsonObject();
-        jsonObj.addProperty("key", "value");
+        String testValue = "asdf???123";
+        jsonObj.addProperty("key", testValue);
 
         // db key
         long expiryTime = System.currentTimeMillis() + 1000;
@@ -269,7 +270,7 @@ public void inputOutputTest() throws Exception {
         assertEquals("userId", info.userId);
         assertEquals("refreshTokenHash1", info.refreshTokenHash1);
         assertEquals("parentRefreshTokenHash1", info.parentRefreshTokenHash1);
-        assertEquals("value", info.userData.get("key").getAsString());
+        assertEquals(testValue, info.userData.get("key").getAsString());
         assertEquals("antiCsrfToken", info.antiCsrfToken);
         assertEquals(expiryTime / 1000 * 1000, info.expiryTime);
 
@@ -292,19 +293,21 @@ public void inputOutputTestStatic() throws Exception {
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
         JsonObject jsonObj = new JsonObject();
-        jsonObj.addProperty("key", "value");
+        String testValue = "asdf???123";
+        jsonObj.addProperty("key", testValue);
 
         // db key
         long expiryTime = System.currentTimeMillis() + 1000;
         TokenInfo newToken = AccessToken.createNewAccessToken(process.getProcess(), "sessionHandle", "userId",
                 "refreshTokenHash1", "parentRefreshTokenHash1", jsonObj, "antiCsrfToken", expiryTime,
                 AccessToken.getLatestVersion(), true);
+        System.out.println(newToken.token);
         AccessTokenInfo info = AccessToken.getInfoFromAccessToken(process.getProcess(), newToken.token, true);
         assertEquals("sessionHandle", info.sessionHandle);
         assertEquals("userId", info.userId);
         assertEquals("refreshTokenHash1", info.refreshTokenHash1);
         assertEquals("parentRefreshTokenHash1", info.parentRefreshTokenHash1);
-        assertEquals("value", info.userData.get("key").getAsString());
+        assertEquals(testValue, info.userData.get("key").getAsString());
         assertEquals("antiCsrfToken", info.antiCsrfToken);
         assertEquals(expiryTime / 1000 * 1000, info.expiryTime);
 
@@ -326,7 +329,8 @@ public void inputOutputTestV2() throws Exception {
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
         JsonObject jsonObj = new JsonObject();
-        jsonObj.addProperty("key", "value");
+        String testValue = "asdf???123";
+        jsonObj.addProperty("key", testValue);
 
         // db key
         long expiryTime = System.currentTimeMillis() + 1000;
@@ -338,7 +342,7 @@ public void inputOutputTestV2() throws Exception {
         assertEquals("userId", info.userId);
         assertEquals("refreshTokenHash1", info.refreshTokenHash1);
         assertEquals("parentRefreshTokenHash1", info.parentRefreshTokenHash1);
-        assertEquals("value", info.userData.get("key").getAsString());
+        assertEquals(testValue, info.userData.get("key").getAsString());
         assertEquals("antiCsrfToken", info.antiCsrfToken);
         assertEquals(expiryTime, info.expiryTime);
 
@@ -360,7 +364,8 @@ public void inputOutputTestv1() throws InterruptedException, InvalidKeyException
         EventAndException e = process.checkOrWaitForEvent(PROCESS_STATE.STARTED);
         assertNotNull(e);
         JsonObject jsonObj = new JsonObject();
-        jsonObj.addProperty("key", "value");
+        String testValue = "asdf???123";
+        jsonObj.addProperty("key", testValue);
 
         // db key
         TokenInfo newToken = AccessToken.createNewAccessTokenV1(process.getProcess(), "sessionHandle", "userId",
@@ -370,7 +375,7 @@ public void inputOutputTestv1() throws InterruptedException, InvalidKeyException
         assertEquals("userId", info.userId);
         assertEquals("refreshTokenHash1", info.refreshTokenHash1);
         assertEquals("parentRefreshTokenHash1", info.parentRefreshTokenHash1);
-        assertEquals("value", info.userData.get("key").getAsString());
+        assertEquals(testValue, info.userData.get("key").getAsString());
         assertEquals("antiCsrfToken", info.antiCsrfToken);
 
         JsonObject payload = (JsonObject) new JsonParser()