TLDR: Use github to find open API endpoint that signs tokens. Change JWT identity to admin, sign token, and recieve flag.