jwt authentication bypass via weak signing key || lab || json web token (jwt) security attack