JWT — Algorithm Confusion (RS256 → HS256)

AuthBox issues JWTs signed with RS256 (asymmetric — private key signs, public key verifies). The verifier blindly trusts the alg header. Forge an HS256 token using the public key as the HMAC secret — the verifier will accept it.