Code Room
Code review · Medium · cr-g549
Subject: Security, hardcoded secret · Level: Mid–Senior · ~15 min · Common in Security interviews · Industries: Software development, Technology

Question

Review this Java service that signs JWTs.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Code to review (Java)

```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;

public class TokenService {
    private static final String JWT_SECRET = "s3cr3t-prod-signing-key-2021";
    private static final String AWS_KEY = "AKIAIOSFODNN7EXAMPLE";

    public String issue(String userId) {
        return Jwts.builder()
            .setSubject(userId)
            .setExpiration(new Date(System.currentTimeMillis() + 86400000))
            .signWith(SignatureAlgorithm.HS256, JWT_SECRET.getBytes())
            .compact();
    }
}
```
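One possible hardened version of the service above, as an added example rather than the page's own answer key. It assumes jjwt 0.10 or later (for `io.jsonwebtoken.security.Keys`), Java 11+, and a hypothetical environment variable `JWT_SIGNING_KEY_B64` holding a Base64-encoded key supplied by the deployment's secret store.

```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import javax.crypto.SecretKey;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Date;

public class TokenService {
    // Hypothetical variable name; the value is injected at deploy time and never committed.
    static final String KEY_ENV_VAR = "JWT_SIGNING_KEY_B64";
    private static final Duration TOKEN_TTL = Duration.ofHours(24); // same lifetime as the original

    private final SecretKey signingKey;

    // Taking the key as a parameter lets tests use a throwaway key instead of a real one.
    public TokenService(SecretKey signingKey) {
        this.signingKey = signingKey;
    }

    // Fail at startup, not at first login, if the key is missing or malformed.
    public static TokenService fromEnvironment() {
        String encoded = System.getenv(KEY_ENV_VAR);
        if (encoded == null || encoded.isBlank()) {
            throw new IllegalStateException(KEY_ENV_VAR + " is not set");
        }
        byte[] raw = Base64.getDecoder().decode(encoded.trim());
        // hmacShaKeyFor throws WeakKeyException for keys shorter than 256 bits.
        return new TokenService(Keys.hmacShaKeyFor(raw));
    }

    public String issue(String userId) {
        if (userId == null || userId.isBlank()) {
            throw new IllegalArgumentException("userId must not be blank");
        }
        Instant now = Instant.now();
        return Jwts.builder()
            .setSubject(userId)
            .setIssuedAt(Date.from(now))
            .setExpiration(Date.from(now.plus(TOKEN_TTL)))
            .signWith(signingKey, SignatureAlgorithm.HS256)
            .compact();
    }
}
```

Moving the key out of source does not undo the exposure: both literals in the original stay in version-control history, so each credential needs rotation. The unused `AWS_KEY` constant is dropped here rather than relocated.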