Saiko Labs
A JWT with its algorithm set to 'none'. No key required.
A session token from a vulnerable API. The signature algorithm is set to "none" — you don't even need a key. Decode the payload: eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJndWVzdCIsInJvbGUiOiJhZG1pbiIsImZsYWciOiJzYWlrb3thbGdfbm9uZV9zaG91bGRfc2NhcmVfeW91fSJ9.