JWT Algorithm Confusion

Present a forged token to target opponent.
If their defenses trust the "None" claim, you
may bypass their protections and gain access
to any of their secured resources.


"The illusion of security is as fragile as the
rules it's built on."