JWT, Part 2: JWT Anatomy - dissecting the token byte by byte
Taking a real token and dissecting it like a pathologist: header, payload, signature, Base64url, claims, edge cases.
JWT, Part 1: Why JWT is the most broken standard on the web
70+ CVEs over ten years. A bug from 2015 still fires in 2026. Let's figure out why JWT stubbornly remains broken.