diff --git a/src/keycloak/authz.py b/src/keycloak/authz.py
index cb2c8a9..d4e6038 100644
--- a/src/keycloak/authz.py
+++ b/src/keycloak/authz.py
@@ -63,7 +63,7 @@ def _decode_token(cls, token):
         missing_padding = len(token) % 4
         if missing_padding != 0:
             token += '=' * (4 - missing_padding)
-        return json.loads(base64.b64decode(token).decode('utf-8'))
+        return json.loads(base64.urlsafe_b64decode(token + "===").decode('utf-8'))
 
     def get_permissions(self, token, resource_scopes_tuples=None,
                         submit_request=False, ticket=None):
@@ -115,7 +115,7 @@ def get_permissions(self, token, resource_scopes_tuples=None,
                     response.get('error_description')
                 )
             else:
-                token = response.get('refresh_token')
+                token = response.get('access_token')
                 decoded_token = self._decode_token(token.split('.')[1])
                 authz_info = decoded_token.get('authorization', {})
         except KeycloakClientError as error: