Add automatic clipboard detection for JWT decoding

When no text is selected, the extension now automatically checks the clipboard
for a valid JWT token. If found, it decodes it immediately without prompting.
If the clipboard doesn't contain a valid JWT, it falls back to showing the
input box as before.

Includes a new JWT validation function that verifies token structure, format,
and header validity, plus 10 additional test cases for comprehensive coverage.

Author: jflbr

CHANGELOG.md

@@ -4,10 +4,16 @@ All notable changes to the "jwt-decoder" extension will be documented in this fi
 
 Check [Keep a Changelog](http://keepachangelog.com/) for recommendations on how to structure this file.
 
-## [1.2.0] 2026-01-09
-### Added
-- Comprehensive test suite with 11 tests covering:
+## [1.3.0] 2026-01-09
+### Added 
+- Automatic clipboard detection for JWT tokens
+  - When no text is selected, the extension automatically checks clipboard for valid JWT
+  - Smart validation ensures only valid JWTs are auto-decoded
+  - Seamless fallback to input box if clipboard doesn't contain a valid JWT
+- JWT validation function to verify token structure and format
+- Comprehensive test suite with 23 tests covering:
   - JWT token decoding functionality
+  - JWT validation (valid/invalid tokens, edge cases)
   - Hover content management
   - Extension activation and command registration
   - Edge cases and error handling

README.md

@@ -22,8 +22,8 @@ If you call the extension cammand against a `selected JWT string` from an Untitl
 
 ![](images/demo-from-untitled-document.gif)
 
-### From input box to message box
+### From Clipboard or Input Box (fallback)
 
-From any document, fire the extension command without text selection. Paste your JWT, hit enter and your decoded token will appear in a message box at the right bottom corner. 
+From any document, fire the extension command without text selection. The extension will attempt to decode the clipboard value if it's a valid JWT. Otherwise, you'll be prompted to enter your JWT manually. The decoded token will appear in a message box at the right bottom corner. 
 
 ![](images/demo-from-input-box.gif)

package-lock.json

@@ -4,7 +4,7 @@
 	"description": "A simple JWT decoder extension for VS Code",
 	"icon": "images/icon.png",
 	"publisher": "jflbr",
-	"version": "1.2.0",
+	"version": "1.3.0",
 	"engines": {
 		"vscode": "^1.85.0"
 	},

package.json

@@ -1,6 +1,6 @@
 
 import * as vscode from 'vscode';
-import { decodeToken } from './jwt';
+import { decodeToken, isValidJWT } from './jwt';
 import { setHoverContent } from './jwt';
 
 
@@ -56,7 +56,14 @@ export function activate(context: vscode.ExtensionContext) {
             hoverProvider.setTokenPosition(textEditor.selection.start);
 		}
 		else {
-			token = await vscode.window.showInputBox({ placeHolder: 'Paste your base64 encoded JWT here' });
+			// Try to get JWT from clipboard first
+			const clipboardContent = await vscode.env.clipboard.readText();
+			if (clipboardContent && isValidJWT(clipboardContent)) {
+				token = clipboardContent.trim();
+			} else {
+				// Fallback to input box if clipboard doesn't contain a valid JWT
+				token = await vscode.window.showInputBox({ placeHolder: 'Paste your base64 encoded JWT here' });
+			}
 		}
 		if (token === null){
 			vscode.window.showWarningMessage("Base64 encoded JWT required");

src/extension.ts

@@ -5,6 +5,47 @@ function base64Decode(base64Str: string){
     return JSON.parse(Buffer.from(base64, 'base64').toString('binary'));
 }
 
+export function isValidJWT(token: string): boolean {
+    if (!token || typeof token !== 'string') {
+        return false;
+    }
+
+    // Remove common prefixes and whitespace
+    token = token.trim().replace(/^Bearer\s+/i, '');
+
+    // JWT should have exactly 2 dots (3 parts: header.payload.signature)
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+        return false;
+    }
+
+    // Each part should be a valid base64url string (non-empty)
+    for (const part of parts) {
+        if (!part || part.length === 0) {
+            return false;
+        }
+        // Base64url uses A-Z, a-z, 0-9, -, _
+        if (!/^[A-Za-z0-9_-]+$/.test(part)) {
+            return false;
+        }
+    }
+
+    // Try to decode the header to verify it's actually a JWT
+    try {
+        const headerBase64 = parts[0].replace('-', '+').replace('_', '/');
+        const header = JSON.parse(Buffer.from(headerBase64, 'base64').toString('binary'));
+
+        // A valid JWT header should have at least an 'alg' field
+        if (!header || typeof header !== 'object' || !header.alg) {
+            return false;
+        }
+    } catch (e) {
+        return false;
+    }
+
+    return true;
+}
+
 export function decodeToken(token: string = '') {
     let parts = token.split('.');
     let headers = parts[0];

src/jwt.ts

@@ -1,7 +1,7 @@
 import * as assert from 'assert';
 import { before } from 'mocha';
 import * as vscode from 'vscode';
-import { decodeToken, setHoverContent } from '../../jwt';
+import { decodeToken, setHoverContent, isValidJWT } from '../../jwt';
 
 suite('JWT Decoder Extension Test Suite', () => {
 	before(() => {
@@ -119,6 +119,58 @@ suite('JWT Decoder Extension Test Suite', () => {
 		});
 	});
 
+	suite('isValidJWT', () => {
+		test('Should validate a valid JWT token', () => {
+			const validToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+			assert.strictEqual(isValidJWT(validToken), true);
+		});
+
+		test('Should validate JWT with Bearer prefix', () => {
+			const tokenWithBearer = 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+			assert.strictEqual(isValidJWT(tokenWithBearer), true);
+		});
+
+		test('Should validate JWT with whitespace', () => {
+			const tokenWithWhitespace = '  eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c  ';
+			assert.strictEqual(isValidJWT(tokenWithWhitespace), true);
+		});
+
+		test('Should reject token with only 2 parts', () => {
+			const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ';
+			assert.strictEqual(isValidJWT(invalidToken), false);
+		});
+
+		test('Should reject token with more than 3 parts', () => {
+			const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c.extra';
+			assert.strictEqual(isValidJWT(invalidToken), false);
+		});
+
+		test('Should reject empty string', () => {
+			assert.strictEqual(isValidJWT(''), false);
+		});
+
+		test('Should reject null or undefined', () => {
+			assert.strictEqual(isValidJWT(null as any), false);
+			assert.strictEqual(isValidJWT(undefined as any), false);
+		});
+
+		test('Should reject token with invalid characters', () => {
+			const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWI@invalid!.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+			assert.strictEqual(isValidJWT(invalidToken), false);
+		});
+
+		test('Should reject token with empty parts', () => {
+			const invalidToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+			assert.strictEqual(isValidJWT(invalidToken), false);
+		});
+
+		test('Should reject non-JWT strings', () => {
+			assert.strictEqual(isValidJWT('This is not a JWT'), false);
+			assert.strictEqual(isValidJWT('random.text.here'), false);
+			assert.strictEqual(isValidJWT('123.456.789'), false);
+		});
+	});
+
 	suite('Extension Activation', () => {
 		test('Extension should be present', () => {
 			assert.ok(vscode.extensions.getExtension('jflbr.jwt-decoder'));