diff --git a/oauth3.core.js b/oauth3.core.js
index b0f3498..9e90b33 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -108,8 +108,12 @@
   core.utils = {
     urlSafeBase64ToBase64: function (b64) {
       // URL-safe Base64 to Base64
+      // https://en.wikipedia.org/wiki/Base64
+      // https://gist.github.com/catwell/3046205
+      var mod = b64.length % 4;
+      if (2 === mod) { b64 += '=='; }
+      if (3 === mod) { b64 += '='; }
       b64 = b64.replace(/-/g, '+').replace(/_/g, '/');
-      b64 = (b64 + '===').slice(0, b64.length + (b64.length % 4));
       return b64;
     }
   , base64ToUrlSafeBase64: function (b64) {
@@ -151,9 +155,10 @@
       // [ {}, {}, 'foo' ]
       // { header: {}, payload: {}, signature: }
       var parts = str.split(/\./g);
-      var jsons = parts.slice(0, 2).map(function (b64) {
+      var jsons = parts.slice(0, 2).map(function (urlsafe64) {
         var atob = exports.atob || require('atob');
-        return atob(core.utils.urlSafeBase64ToBase64(b64));
+        var b64 = core.utils.urlSafeBase64ToBase64(urlsafe64);
+        return atob(b64);
       });
 
       return {