Rating:
Forge a token:* Set "type" to "admin" instead of "user"* Set "alg" to "HS256" instead of "RS256"* Sign it using the server's public RSA key as the HS256 key
I don't remember
