JWT authentication bypass via jku header injection 1 JWT authentication bypass via jku header injection Dec 8, 2024