Saiko Labs
A JWT with its signature algorithm set to 'none'. No key needed — decode the payload.
Session token from a vulnerable API: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJndWVzdCIsInJvbGUiOiJhZG1pbiIsImZsYWciOiJzYWlrb3tjcmFja190aGVfc2FuZGJveH0ifQ.