Authorization
headers with the Bearer
keyword. See the the following example.None
(or none
, NONE
, nOnE
) in the header, remove the signature, and send the modified token. Some applications are vulnerable to this attack since some support a None algorithm for signature.pip/pip3 install pyjwt==0.4.3
.