JSON Web Token (JWT) - Introduction
This is an introductory, basic challenge: you only need to understand how JWTs work, then learn the basic exploits and test them.
JWT - Revoked token
In this challenge, a developer tries to secure her app, but her protection can be bypassed. Check RFC 4648.
JSON Web Token (JWT) - Public key
With the public key and the alg used in the JWT header, you can try the RSA/HMAC confusion exploit.
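
On the defending side, RSA/HMAC confusion fails when the verifier pins the algorithm to the key instead of reading it from the token header. The following is an added example, not part of the original write-up or the challenge's code: a Python gate that pins `RS256` and flags HS* tokens whose MAC was keyed with the public key. The key material, `classify`, `sample_token` and the result strings are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed stand-in for the server's published RSA public key (not a real key).
PUBLIC_KEY_PEM = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-SAMPLE-ONLY\n-----END PUBLIC KEY-----\n"
PINNED_ALG = "RS256"  # assumption: the server fixes the algorithm per key in its config
HS_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def classify(token, public_key_pem=PUBLIC_KEY_PEM, pinned_alg=PINNED_ALG):
    """Gate run before signature verification; never trusts the header's alg."""
    try:
        head, body, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return "reject: malformed token"
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg == pinned_alg:
        return "verify"  # hand over to the library's RS256 check with the public key
    digest = HS_DIGESTS.get(alg) if isinstance(alg, str) else None
    if digest:
        signing_input = f"{head}.{body}".encode()
        # The PEM may be read with or without its trailing newline; test both forms.
        for key in (public_key_pem, public_key_pem.strip()):
            mac = hmac.new(key, signing_input, digest).digest()
            if hmac.compare_digest(mac, sig):
                return "alert: HMAC keyed with the public key"
    return "reject: alg is not the pinned algorithm"

def sample_token(alg, key, claims):
    """Build a constructed HS* token for exercising classify() in tests."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), HS_DIGESTS[alg]).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

if __name__ == "__main__":
    for key in (PUBLIC_KEY_PEM, b"unrelated-constructed-secret"):
        print(classify(sample_token("HS256", key, {"sub": "constructed-user"})))
```

The "alert" result is worth logging separately from ordinary rejects, since a MAC that validates against the public key cannot occur by accident.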