The URL-safe alphabet and missing padding
Base64URL replaces plus with hyphen and slash with underscore so values fit URLs and filenames with less escaping. Many protocols omit trailing equals padding. This tool restores only the padding implied by the length, then shows the equivalent standard Base64 representation.
A remainder of 2 needs two equals signs and a remainder of 3 needs one. A remainder of 1 is impossible and is reported as an error rather than guessed.
JWT inspection is not JWT verification
JWT mode splits a three-part value, decodes the first two Base64URL segments, and formats JSON when possible. It does not verify the signature, issuer, audience, expiry, algorithm, or key. Treat the displayed claims as untrusted input.
Tokens can contain credentials and personal data even though Base64URL is reversible. Browser-local processing avoids an upload, but screen sharing, browser extensions, clipboard history, and saved URLs can still expose the value.
Common failures this tool explains
- A standard Base64 slash or plus sign was pasted into a Base64URL-only field.
- The value has a length remainder of 1 and cannot be repaired with padding.
- JWT mode received fewer or more than three dot-separated segments.
- A decoded JWT segment contains bytes that are not valid UTF-8 JSON.
Equivalent commands
Use the runtime or shell already available in your workflow. Validate untrusted input and keep binary output out of terminals when it may contain control bytes.
Python
import base64
padded = value + '=' * (-len(value) % 4)
decoded = base64.urlsafe_b64decode(padded)
JavaScript
const decoded = Buffer.from(value, 'base64url');
console.log(decoded.toString('utf8'));
Shell
printf '%s' "$VALUE" | basenc --base64url --decode