Code Room
Code review | Hard | cr-g432
Subject: JWT misuse | Level: Senior–Staff | ~24 min | Common in: Security interviews | Industries: Software development, Technology

Question

Review this Node JWT verifier that resolves the signing key from the token header.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review

```js
const jwt = require('jsonwebtoken');
const fs = require('fs');

function verify(token) {
  const { header } = jwt.decode(token, { complete: true });
  const keyPath = `/etc/keys/${header.kid}.pem`;
  const key = fs.readFileSync(keyPath, 'utf8');
  return jwt.verify(token, key, { algorithms: ['RS256'] });
}
```
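Added example, not part of the original exercise: one way to harden the key lookup, given that `header.kid` is read before the signature is checked and is interpolated into a file path. The names `selectKey`, `readUnverifiedHeader`, `KID_PATTERN` and `sampleToken`, the kid format and the in-memory keyring are assumptions; the block uses only Node built-ins and leaves the signature check to `jwt.verify` as in the snippet.

```javascript
// Added example: kid handling that never touches the filesystem with attacker input.
// KID_PATTERN, selectKey and sampleToken are hypothetical names; key material is a placeholder.
const KID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/; // assumed kid format

// Parse the unverified header; return null instead of throwing on malformed input.
function readUnverifiedHeader(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    return header !== null && typeof header === 'object' ? header : null;
  } catch {
    return null;
  }
}

// keyring: Map of kid -> PEM string, loaded once at startup from trusted config.
function selectKey(token, keyring) {
  const header = readUnverifiedHeader(token);
  if (!header) throw new Error('malformed token');
  const { kid } = header;
  if (typeof kid !== 'string' || !KID_PATTERN.test(kid)) throw new Error('invalid kid');
  const key = keyring.get(kid);
  if (key === undefined) throw new Error('unknown kid');
  return key; // pass to jwt.verify(token, key, { algorithms: ['RS256'] }) as in the snippet
}

// Constructed sample token: header and payload only, with a dummy signature segment.
function sampleToken(header) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc(header)}.${enc({ sub: 'demo' })}.c2ln`;
}

// Constructed keyring with placeholder values standing in for real PEM public keys.
const keyring = new Map([['k1', 'PEM-PLACEHOLDER-1'], ['k2', 'PEM-PLACEHOLDER-2']]);
console.log(selectKey(sampleToken({ alg: 'RS256', kid: 'k1' }), keyring));
for (const bad of [sampleToken({ alg: 'RS256', kid: '../../tmp/x' }), 'not-a-jwt']) {
  try { selectKey(bad, keyring); } catch (e) { console.log('rejected:', e.message); }
}
```

Because the keyring is a `Map` populated from trusted configuration, a kid such as `__proto__` or one containing path separators can only ever produce a rejection, never a file read.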