Web - Server

I have stuck in this challenge for a long time.
[Th1b4ud : great way] I understand the theory and attack plan. But when I come to the execution, I use several methods from crafting my own hashing & hmac signing function to using an official library like PyJWT and etc but still not working.

Am I on the right track? Really curious

Any help will be appreciated.

You are on the right way