# JWT & Base64 Decoder MCP

> JWT & Base64 Decoder uses native binary methods to read encoded data streams. It instantly decodes complex JWT tokens into readable headers and payloads, while also handling general Base64 strings with precise UTF-8 output. This MCP eliminates guesswork when inspecting authentication tokens or raw payload data.

## Overview
- **Category:** developer-tools
- **Price:** Free
- **Tags:** jwt, base64, token-decoding, authentication, payload-inspection, binary-data

## Description

Okay, so you've got a token or some API response that’s just a string of gibberish—Base64 encoded, maybe wrapped in JWT format. You need to see what's inside without breaking anything. This MCP lets your agent pull apart those opaque strings using native methods, giving you the raw JSON payload and all the structured claims. It handles everything from basic Base64 decoding to extracting specific details like user IDs or expiration timestamps from a full JWT token. If you're working with data that came encoded, this is what you use. You just pass the string, and your agent gets back clean, usable data for analysis, letting your entire workflow run smoothly through the Vinkius catalog.

## Tools

### decode_base64_string
Decodes any Base64 string deterministically into plain UTF-8 text for general data inspection.

### decode_jwt_token
Decodes a complete JWT token, extracting the header and payload while calculating the exact expiration date.

## Prompt Examples

**Prompt:** 
```
Decode this Authorization Bearer JWT safely to extract the 'sub' and 'exp' claims.
```

**Response:** 
````
✅ **Decoded Payload:**
```json
{
  "sub": "usr_88129a",
  "exp": 1731945600
}
```
````

**Prompt:** 
```
Evaluate if the expiration timestamp in this decoded JWT is in the past.
```

**Response:** 
```
✅ **Status:** Token is expired. The `exp` claim translates to 2023-11-05.
```

**Prompt:** 
```
Decode this raw Base64 string payload returned by the external API.
```

**Response:** 
```
✅ **Base64 Decoded:** Returned plain UTF-8 text representation.
```

## Capabilities

### Decode general Base64 strings
Pass a raw Base64 text string to deterministically decode it into plain UTF-8 readable text.

### Extract JWT claims and expiry
Process a full JWT token, extracting the header, payload, and calculating the exact expiration date for immediate status checks.

## Use Cases

### Verifying suspicious API calls
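A security analyst receives a log entry containing a JWT token and needs to inspect it. They pass the raw token, and using `decode_jwt_token`, their agent extracts the payload and reports both the user ID and whether or not the token has already expired. Because the tool does not validate the signature, the decoded claims are unverified; confirming that the token is authentic is a separate step.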

### Debugging external service payloads
A backend developer receives a Base64-encoded chunk of data from an external API that isn't JSON. They use `decode_base64_string` to reliably convert the raw string into readable UTF-8 text for inspection.

### Auditing session tokens
A DevOps engineer needs to check a captured, non-JWT base64 session identifier. They feed it into `decode_base64_string` and get the plain underlying data immediately, allowing them to confirm if the user was active at that time.

## Benefits

- Stop guessing about expired tokens. The `decode_jwt_token` tool calculates the precise expiration date, eliminating guesswork from your agent's output.
- You get raw access to encoded data without boilerplate code. Use `decode_base64_string` to handle any non-JWT Base64 payload immediately.
- It handles structured authentication data reliably. Instead of writing custom parsing logic, let the MCP extract claims like 'sub' and 'exp'.
- The process is deterministic. The output for both tools relies on native binary buffers, ensuring consistent results every time.
- You bypass client-side limitations. Your agent accesses powerful decoding utilities regardless of whether it’s running in an IDE or a terminal.

## How It Works

The bottom line is you feed it an encoded string, and it reliably outputs structured, readable data.

1. Provide your agent with the raw Base64 string or the complete JWT token you need to inspect.
2. The MCP processes the input using native binary functions, separating and validating the components of the encoded data.
3. Your agent receives a clean JSON structure containing decoded payloads, specific claims (like 'sub'), and calculated expiration timestamps.
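
The three steps above, sketched as an added example (not the MCP's own code): a decode-only JWT inspector that rejects malformed base64url and invalid UTF-8, computes expiry from `exp`, and marks the result as unverified. Using Node.js `Buffer` and `TextDecoder` is an assumption, as are the function names and the constructed sample token.

```javascript
// Added example, not the MCP's code. Decode-only: nothing here checks the signature.
const strictUtf8 = new TextDecoder("utf-8", { fatal: true });

// Decode one base64url segment ('-' and '_' alphabet, no padding) to text.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment) || segment.length % 4 === 1) {
    throw new Error("segment is not valid base64url");
  }
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return strictUtf8.decode(Buffer.from(b64, "base64")); // throws on invalid UTF-8
}

// Inverse helper, used only to build the constructed sample token below.
function encodeSegment(obj) {
  return Buffer.from(JSON.stringify(obj), "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) {
    throw new Error("expected three dot-separated segments");
  }
  const header = JSON.parse(decodeSegment(parts[0]));
  const payload = JSON.parse(decodeSegment(parts[1]));
  const hasExp = Number.isFinite(payload.exp);
  return {
    header,
    payload,
    expiresAt: hasExp ? new Date(payload.exp * 1000).toISOString() : null,
    expired: hasExp ? payload.exp <= nowSeconds : null, // expired at or after exp
    signatureVerified: false, // claims stay untrusted until verified elsewhere
  };
}

// Constructed sample: claims from the page's prompt example, dummy signature.
const SAMPLE_TOKEN = [
  encodeSegment({ alg: "HS256", typ: "JWT" }),
  encodeSegment({ sub: "usr_88129a", exp: 1731945600 }),
  "c2lnbmF0dXJlLW5vdC1jaGVja2Vk",
].join(".");

console.log(inspectJwt(SAMPLE_TOKEN));
```

The `signatureVerified: false` field keeps downstream code from treating decoded claims such as `sub` as authenticated identity.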

## Frequently Asked Questions

**How does decode_base64_string handle non-JWT data?**
It treats the input as a generic Base64 string, deterministically converting it into plain UTF-8 text. This lets you inspect any kind of raw encoded payload, not just tokens.

**Does decode_jwt_token verify the token signature?**
No. It decodes the content for inspection only and does not attempt to validate the cryptographic signature. It simply extracts the header and payload data for review.

**What information can I get from decode_jwt_token?**
You retrieve the decoded JSON contents of the header, the main payload body, and most importantly, a precise calculation of the token's expiration date.

**Can this MCP handle large data payloads?**
Yes. It uses native binary buffers designed for precision decoding, allowing it to reliably process complex, long-form encoded strings without failure.

**If I use decode_jwt_token, does it validate the token's signature or issuer?**
No. This MCP only decodes the content deterministically. It parses the header and payload sections of the JWT, but it never validates the cryptographic signature or checks for an issuer claim.

**When I use decode_base64_string, what happens if the input isn't valid Base64?**
The tool handles malformed inputs by returning a specific decoding failure. It won't crash; instead, it signals that the provided string does not conform to the required Base64 standard.

**Can decode_jwt_token extract data from tokens with non-standard claims?**
Yes. You can get all key-value pairs present in the payload, including custom or non-standard claims. The output JSON structure will reflect exactly what was provided in the token.

**If I use decode_base64_string on a JWT, is that sufficient for my needs?**
No. Using decode_base64_string treats the entire input as raw text without context. Use decode_jwt_token when you need the structured extraction of headers and accurate expiration math.

**Is it secure?**
Yes, decoding runs completely locally.

**Does it verify the JWT signature?**
No, this is a strict decoder for reading payloads, not an authentication gateway.

**Can it decode hex as well?**
It is specialized in Base64 and JWT headers/payloads.