1. Change algorithm from RS256 to HS256
2. Set filename tomd5(flag.txt) = 159df48875627e2f7f66dae584c5e3a5
3. Sign it with the public key

Original writeup (https://tasteofsecurity.com/security/web-200-file-rover-jwt-ctf-challenge/).