TokenForge's auth server accepts JWTs with alg set to 'none'. Log in as a regular user, forge an admin token by removing the signature.
Forge a JWT with alg:none and an admin payload to bypass authentication.
Step-by-step walkthrough ↗