JWT Bypass
This API uses JWT for authentication. The token seems secure, but is it really?
Endpoint: /api/jwt-challenge
Sample token provided in challenge files.
SUBMIT FLAG
Hints
Hint 1
Algorithm confusion is a common JWT vulnerability
Hint 2
The public key is available at /api/public-key