Last assignment for JWT tokens finished

webgoat-lessons/jwt/src/main/resources/i18n/WebGoatLabels.properties

@@ -14,6 +14,12 @@ jwt-secret-hint1=Save the token and try to verify the token locally
 jwt-secret-hint2=Download a word list dictionary (https://github.com/first20hours/google-10000-english)
 jwt-secret-hint3=Write a small program or use HashCat for brute forcing the token according the word list
 
+jwt-refresh-hint1=Look at the access log you will find a token there
+jwt-refresh-hint2=The token from the access log is no longer valid, can you find a way to refresh it?
+jwt-refresh-hint3=The endpoint for refreshing a token is 'jwt/refresh/newToken'
+jwt-refresh-hint4=Use the found access token in the Authorization: Bearer header and use your refresh token
+jwt-refresh-not-tom=User is not Tom but {0}, please try again
+
 jwt-final-jerry-account=Yikes, you are removing Jerry's account, try to delete the account of Tom 
 jwt-final-not-tom=Username is not Tom try to pass a token for Tom