diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py b/spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py
index cfaeff5ce..a270dd10b 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/routes/authentication_controller.py
@@ -456,7 +456,9 @@ def _parse_id_token(token: str) -> Any:
 
     payload = parts[1]
     padded = payload + "=" * (4 - len(payload) % 4)
-    decoded = base64.b64decode(padded)
+
+    # https://lists.jboss.org/pipermail/keycloak-user/2016-April/005758.html
+    decoded = base64.urlsafe_b64decode(padded)
     return json.loads(decoded)