jwt.title=JWT tokens

#Assignment changing tokens
jwt-user=You are logged in as  {0}, but you are not an admin yet, please try again
jwt-invalid-token=Not a valid JWT token, please try again
jwt-only-admin=Only an admin user can reset the votes
jwt-change-token-hint1=Select a different user and look at the token you receive back, use the delete button to reset the votes count
jwt-change-token-hint2=Decode the token and look at the contents
jwt-change-token-hint3=Change the contents of the token and replace the cookie before sending the request for getting the votes 
jwt-change-token-hint4=Change the admin field to true in the token
jwt-change-token-hint5=Submit the token by changing the algorithm to None and remove the signature

jwt-secret-hint1=Save the token and try to verify the token locally
jwt-secret-hint2=Download a word list dictionary (https://github.com/first20hours/google-10000-english)
jwt-secret-hint3=Write a small program or use HashCat for brute forcing the token according the word list
jwt-secret-claims-missing=You are missing some claims, you should keep all the claims in the token
jwt-secret-incorrect-user=The user is {0}, you need to change it to WebGoat

jwt-refresh-hint1=Look at the access log you will find a token there
jwt-refresh-hint2=The token from the access log is no longer valid, can you find a way to refresh it?
jwt-refresh-hint3=The endpoint for refreshing a token is 'JWT/refresh/newToken'
jwt-refresh-hint4=Use the found access token in the Authorization: Bearer header and use your own refresh token
jwt-refresh-not-tom=User is not Tom but {0}, please try again
jwt-refresh-alg-none=Nicely found! You solved the assignment with 'alg: none' can you also solve it by using the refresh token?

jwt-final-jerry-account=Yikes, you are removing Jerry's account, try to delete the account of Tom 
jwt-final-not-tom=Username is not Tom try to pass a token for Tom

jwt-jku-hint1=Take a look at the token and specifically and the header
jwt-jku-hint2=The 'jku' (key ID) header parameter is a hint indicating which key is used to verify the JWS
jwt-jku-hint3=Could you use WebWolf to host the public key as a JWKS?
jwt-jku-hint4=Create a key pair and sign the token with the private key
jwt-jku-hint5=Change the JKU header claim and point it to a URL which hosts the public key in JWKS format.

jwt-kid-hint1=Take a look at the token and specifically and the header
jwt-kid-hint2=The 'kid' (key ID) header parameter is a hint indicating which key was used to secure the JWS
jwt-kid-hint3=The key can be located on the filesystem in memory or even reside in the database
jwt-kid-hint4=The key is stored in the database and loaded while verifying a token
jwt-kid-hint5=Using a SQL injection you might be able to manipulate the key to something you know and create a new token.
jwt-kid-hint6=Use: hacked' UNION select 'deletingTom' from INFORMATION_SCHEMA.SYSTEM_USERS --  as the kid in the header and change the contents of the token to Tom and hit the endpoint with the new token