Code Room
CodingHardcod-g999
Subject AuthLevel Senior–Staff~28 minCommon in Security · Algorithms & data structures interviewsIndustries Software development

Question

Parse and structurally validate a JWT-like token WITHOUT verifying its signature. The token is three base64url segments joined by dots: header.payload.signature. Decode the header and payload as JSON. Return a dict {'valid': False} if there are not exactly three segments, if either of the first two segments is not valid base64url-encoded JSON, or if the header lacks an 'alg' or 'typ' field. Otherwise return {'valid': True, 'alg': <header alg>, 'sub': <payload's 'sub' or empty string if absent>}. Padding has been stripped from each segment.

Implement
parse_jwt_structure(token: str) → dict
Examples
in["eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJzdWIiOiAidXNlcjEyMyIsICJuYW1lIjogIkFsaWNlIn0.sigsigsig"]out{"alg":"HS256","sub":"user123","valid":true}
What a strong answer looks like

State your approach and its time/space complexity out loud before you optimize. Handle the edge cases (empty input, duplicates, overflow), and say why you chose this over the brute force. Green tests are the floor, not the grade.

Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.

Run or narrate your approach, then ask the coach.