JSON Web Token Attacks: LAB #7 - JWT Authentication Bypass Via Algorithm Confusion

Views: 4,026

Emanuele Picariello

A day ago

Comments: 6

@emanuelepicariello, 2 years ago
Please Leave A Like And Eventually Subscribe
@acronproject, a year ago
Thanks
@ahhackherewegoagain1044, 2 years ago
I've done everything I've seen from you, but I still get an unauthorized response. What can I do?
@emanuelepicariello, 2 years ago
Hi, if you followed all the steps correctly you should not have any problems. But maybe you have made a mistake somewhere. I'll highlight some things that come to mind. Did you set alg to "HS256" and sub to "administrator"? Also remember to sign the request. This could be the reason. If not, please feel free to ask more questions, but be sure that all the steps are right.
@ahhackherewegoagain1044, 2 years ago
@@emanuelepicariello Hi, thanks for your answer. Yeah, I did all of that. My steps were: I copy the public key from jwks.json; I add it into a new RSA key in JWK format, then copy the PEM; I base64-encode the PEM, then paste it into a new symmetric key as the value of the k parameter; I then change alg to HS256 and sub to administrator, sign the request with the "don't modify header" option selected, and send the request. I am still getting an unauthorized response.
@emanuelepicariello, 2 years ago
@@ahhackherewegoagain1044 It seems you are doing it right. Maybe there could be a problem in this case at minute 3:02: when you insert the PEM into the decoder, try to delete the empty line if it is present, the one below "--END PUBLIC KEY--". I don't remember if it was in this lab or another that I was having a problem with that line. Last thing: check that the link is correct. Last try 😅: paste the cookie into the browser and try from there. Let me know.