Code Room
Code reviewHard
Question
Review this Node JWT verifier that resolves the signing key from the token header.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
const jwt = require('jsonwebtoken');const fs = require('fs'); function verify(token) { const { header } = jwt.decode(token, { complete: true }); const keyPath = `/etc/keys/${header.kid}.pem`; const key = fs.readFileSync(keyPath, 'utf8'); return jwt.verify(token, key, { algorithms: ['RS256'] });}Run or narrate your approach, then ask the coach.