binascii.Error: Non-base64 digit found: what it means and how to fix it

What the error means

binascii.Error: Non-base64 digit found means a decoder rejected the input as invalid encoding. The fastest path is to identify what format you have, normalize it, then decode again.

Most common real-world causes

• The input contains non-Base64 characters, wrong alphabet (Base64URL), or missing padding ('=').
• The input is not actually encoded in the expected format (Base64 vs Base64URL vs plain text).
• You copied only part of the string (truncated token/payload).
• Whitespace/newlines were introduced during copy/paste.
• Wrong character set: URL-safe Base64 uses '-' and '_' instead of '+' and '/'.
• You decoded using the wrong function (decodeURIComponent on non-URL-encoded data, atob on non-Base64).

Fast debugging steps

• Normalize Base64URL (replace '-'/'_' and add padding) before decoding.
• Confirm what you are decoding (URL encoding, Base64, Base64URL, JWT).
• Trim whitespace and remove line breaks before decoding.
• If it's a JWT, ensure it has 3 dot-separated parts (header.payload.signature).
• If it's Base64URL, convert '-' -> '+' and '_' -> '/' and add padding if needed.

Code example (python)

import base64, re

s = re.sub(r"\s+", "", input_text)
# Base64URL -> Base64
s = s.replace('-', '+').replace('_', '/')
# pad to multiple of 4
s += '=' * (-len(s) % 4)

raw = base64.b64decode(s)
print(raw[:120])

Fix without uploading data

Encoded strings often contain secrets (tokens, IDs). Decode locally and share only redacted snippets.

• URL Encode/Decode for percent-encoding.
• Base64 Encode/Decode for Base64/Base64URL payloads.
• JWT Decoder to inspect header/payload without uploads.

FAQ

Is Base64 the same as Base64URL? No. Base64URL uses '-' and '_' and often omits padding. Normalize before decoding.

Does decoding a JWT verify it? No. Decoding shows claims; verification requires the signing key.