Portswigger Lab: JWT authentication bypass via algorithm confusion with no exposed key, a slightly different walkthrough

, or how I learned the importance of RTFM yet again

Vuk Ivanovic
Published in InfoSec Write-ups
5 min read, Dec 12, 2022

I mean, to be perfectly honest, this article started as a huge complaint in my head while I was working on solving the lab in question, but in the end it turned out I was in the wrong. So, here’s a different walkthrough compared to the community walkthroughs under the solutions of this lab. And, if you consider yourself not as smart at times…

IT Security and bug bounty hunting, knowledge collector especially anything with word quantum, and sometimes writer of fiction.