JWT Security Pitfalls: The Mistakes That Keep Breaking Tokens

DEV Community: encryption·Haven Messenger·3 days ago
Tags: #dev #token #tokens #signature #algorithm #none

JSON Web Tokens look deceptively simple. Three base64-encoded segments, a signature, and you're authenticating users across a distributed system. The problem is that the format hands authors enough rope to hang an entire application — and the same handful of mistakes keep showing up in CVE feeds year after year.

A JWT is three dot-separated chunks: a header describing the signature algorithm, a payload of claims (subject, issuer, expiry, custom data), and a signature over the first two. RFC 7519 defined the structure in 2015 and it became the default token format for OAuth, OpenID Connect, and roughly every "stateless authentication" tutorial since.

Most of the trouble lives not in the spec itself but in the libraries that implement it — and in the validation code developers write around them. The fundamental issue is that JWTs are flexible: they support multiple algorithms, optional claims, and several legitimate use cases. Each axis of flexibility is a place where a mistake can let a forged token through.…
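The excerpt names the three failure axes (algorithm choice, optional claims, and the validation code around the library) without showing what a strict verifier looks like. The following is an added example, not code from the article or from Haven Messenger, written against the Python standard library only so the signature and claim checks are visible rather than hidden inside a JWT package. The shared key, the issuer URL, the claim values and the test tokens are all constructed for the demo; `sign_hs256` exists only to mint those inputs.

```python
"""Strict HS256 JWT verifier built on the standard library only (added example).

The verifier pins the algorithm instead of trusting the token's own header,
rejects "none", compares signatures in constant time, and treats exp/iss as
mandatory.  Key, issuer and sample claims below are constructed for the demo.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SHARED_KEY = b"constructed-demo-key-do-not-reuse"   # constructed; load from a secret store in practice
EXPECTED_ISSUER = "https://issuer.example"           # assumed issuer for the demo


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Mint a token the way an issuer would; used here only to build test input."""
    segs = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
            for part in (header, payload)]
    sig = hmac.new(key, ".".join(segs).encode("ascii"), hashlib.sha256).digest()
    return ".".join(segs + [b64url_encode(sig)])


def verify(token: str, key: bytes, issuer: str, now: Optional[float] = None) -> dict:
    """Return the claims if the token passes our policy, otherwise raise ValueError.

    The algorithm is fixed by the verifier (HS256); the header's `alg` is only
    checked for agreement and never used to select the verification routine.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    head_b64, body_b64, sig_b64 = parts

    try:
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError(f"undecodable header or payload: {exc}") from exc

    # Axis 1 (algorithm): refuse anything but the single algorithm we issue with,
    # which also covers "none" and any algorithm-confusion variant.
    if header.get("alg") != "HS256" or header.get("typ", "JWT") != "JWT":
        raise ValueError(f"unexpected header: {header}")

    # Axis 3 (validation code): recompute the MAC and compare in constant time.
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")

    # Axis 2 (optional claims): exp and iss are optional in the RFC, mandatory here.
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token missing exp or expired")
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    return claims


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run the verifier over constructed tokens; map case name -> accepted (bool)."""
    hdr = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": "user-42", "iss": EXPECTED_ISSUER, "exp": now + 600}
    valid = sign_hs256(hdr, claims, SHARED_KEY)
    h, _p, s = valid.split(".")
    cases = {
        "valid": valid,
        # Unsigned token with alg=none: must be rejected by the header check.
        "alg_none": ".".join([b64url_encode(b'{"alg":"none","typ":"JWT"}'),
                              b64url_encode(json.dumps(claims).encode()), ""]),
        "wrong_key": sign_hs256(hdr, claims, b"some-other-constructed-key"),
        "expired": sign_hs256(hdr, {**claims, "exp": now - 1}, SHARED_KEY),
        # Valid header and signature but a swapped payload segment.
        "tampered_payload": ".".join(
            [h, b64url_encode(json.dumps({**claims, "sub": "admin"}).encode()), s]),
    }
    results = {}
    for name, tok in cases.items():
        try:
            verify(tok, SHARED_KEY, EXPECTED_ISSUER, now=now)
            results[name] = True
        except ValueError:
            results[name] = False
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:17s} -> {'accepted' if accepted else 'rejected'}")
```

The design point is that the verifier, not the token, decides the algorithm: `alg` in the header is compared against the pinned value and never used to pick a code path, so a token claiming `none` or a different algorithm fails before any signature work happens. The `demo` function doubles as a regression suite; keeping cases like `alg_none` and `tampered_payload` permanently in a project's tests is what stops a later library upgrade or refactor from quietly reopening one of these axes.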
