This is a comprehensive attack playbook for JWT and OAuth token security testing. It walks through the classic cryptographic bypasses like algorithm confusion (RS256 to HS256), the alg:none trick, and HMAC secret cracking with hashcat. You also get OAuth flow attacks like state CSRF, redirect_uri bypasses, and implicit flow token leakage via Referer headers. The kid injection section covers SQL injection and path traversal variants, plus jku header abuse for JWKS poisoning. Use this when you're auditing authentication flows and need specific payloads and tooling commands ready to go. It's thorough enough that you won't miss the obvious attacks but stays practical with curl snippets and jwt_tool examples.
npx skills add https://github.com/yaklang/hack-skills --skill jwt-oauth-token-attacks