JWT Authentication Security Lab

A hands-on security lab demonstrating JWT authentication weaknesses, token forgery risk, privilege escalation, and secure validation patterns using FastAPI.

Project Scope

This lab includes:

a vulnerable JWT API
a secure JWT API
token forgery demonstration
curl-based testing
screenshots of attack and remediation results

Files

vulnerable_jwt_api.py — vulnerable implementation
secure_jwt_api.py — remediated implementation
forge_token.py — helper script to simulate forged token creation
attack_demo.md — attack summary and mitigation notes
screenshots/ — screenshots of results

Vulnerability Demonstrated

Weak JWT signing secret leading to token forgery and privilege escalation.

How to Run

Vulnerable version

python3 -m uvicorn vulnerable_jwt_api:app --reload

Secure version

python3 -m uvicorn secure_jwt_api:app --reload --port 8001

pipicodes/jwt-auth-security-lab

JWT Authentication Security Lab

Project Scope

Files

Vulnerability Demonstrated

How to Run

Vulnerable version

Secure version

Security Test Results

Token Generation and Attack Setup

Privilege Escalation via Forged JWT Token

Secure API – Forged Token Rejected

On this page

Languages

pipicodes/jwt-auth-security-lab

JWT Authentication Security Lab

Project Scope

Files

Vulnerability Demonstrated

How to Run

Vulnerable version

Secure version

Security Test Results

Vulnerable API – Login and Profile Access

Token Generation and Attack Setup

Privilege Escalation via Forged JWT Token

Secure API – Forged Token Rejected

On this page

Languages