Closed
Description
Describe the bug
The base64url decoder does not accept "%3D" as padding, only "%3d" (with lowercase d). As far as I can tell, uppercase is also a valid representation of the padding, and even the predominant one, judging by the Google results.
How To Reproduce
As an example: The base64url-encoded version of "1" with uppercase D ("MQ%3D%3D") fails to decode.
Expected behavior
"%3D" should also be accepted as padding.
Additional context
This was discovered because Keycloak changes padding in the state parameter of an authorization request from "%3d" to "%3D" before passing it on to the redirect URI.
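A sketch of the expected behavior, added here as an example and not taken from the project's own code: a base64url decoder that accepts padding as "=", "%3D" or "%3d" (RFC 3986 treats the hex digits of a percent-encoding as case-insensitive) while still rejecting anything else outside the alphabet. The function name `b64url_decode_tolerant` and the choice to reject a wrong padding count are assumptions of this example.

```python
import base64
import re

# Trailing padding run: literal "=" or percent-encoded "%3D" / "%3d".
_PAD_RUN = re.compile(r"(?:=|%3[dD])*\Z")
_PAD_UNIT = re.compile(r"=|%3[dD]")
# base64url alphabet (RFC 4648, section 5), without padding.
_ALPHABET = re.compile(r"[A-Za-z0-9_-]*\Z")


def b64url_decode_tolerant(value: str) -> bytes:
    """Decode base64url with '=', '%3D' or '%3d' padding, or no padding."""
    # Separate the data characters from the trailing padding run.
    pad_start = _PAD_RUN.search(value).start()
    data, padding = value[:pad_start], value[pad_start:]
    pad_units = len(_PAD_UNIT.findall(padding))

    # Validate explicitly: base64.urlsafe_b64decode silently discards
    # characters outside the alphabet, which would hide malformed input
    # such as a stray "%3E" or padding in the middle of the value.
    if not _ALPHABET.match(data):
        raise ValueError("invalid character in base64url data")
    if len(data) % 4 == 1:
        raise ValueError("invalid base64url length")

    expected = -len(data) % 4
    # Assumption of this example: padding is optional, but if it is
    # present its count must be correct.
    if pad_units and pad_units != expected:
        raise ValueError("incorrect amount of padding")

    return base64.urlsafe_b64decode(data + "=" * expected)


if __name__ == "__main__":
    # Constructed sample inputs; "MQ%3D%3D" is the value from the report.
    for sample in ("MQ%3D%3D", "MQ%3d%3d", "MQ==", "MQ"):
        print(sample, "->", b64url_decode_tolerant(sample))
```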