Add JavaScript to assignment otherwise you will not be able to see the flow of the endpoint

webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java

@@ -58,7 +58,7 @@ public class JWTRefreshEndpoint extends AssignmentEndpoint {
         String user = (String) json.get("user");
         String password = (String) json.get("password");
 
-        if ("Jerry".equals(user) && PASSWORD.equals(password)) {
+        if ("Jerry".equalsIgnoreCase(user) && PASSWORD.equals(password)) {
             return ok(createNewTokens(user));
         }
         return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();

webgoat-lessons/jwt/src/main/resources/html/JWT.html

@@ -122,6 +122,7 @@ $(document).ready(
     <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/jwt.css}"/>
     <script th:src="@{/lesson_js/bootstrap.min.js}" language="JavaScript"></script>
     <script th:src="@{/lesson_js/jwt-buy.js}" language="JavaScript"></script>
+    <script th:src="@{/lesson_js/jwt-refresh.js}" language="JavaScript"></script>
     <div class="attack-container">
         <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
         <form class="attack-form" accept-charset="UNKNOWN"

webgoat-lessons/sol.MD

@@ -1,3 +1,6 @@
+https://github.com/WebGoat/WebGoat/wiki/(Almost)-Fully-Documented-Solution-(en)
+
+
 ### SQLi ###  
 
 Basic