Code Room
Code reviewMedium
Question
Review this Java service that signs JWTs.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
public class TokenService { private static final String JWT_SECRET = "s3cr3t-prod-signing-key-2021"; private static final String AWS_KEY = "AKIAIOSFODNN7EXAMPLE"; public String issue(String userId) { return Jwts.builder() .setSubject(userId) .setExpiration(new Date(System.currentTimeMillis() + 86400000)) .signWith(SignatureAlgorithm.HS256, JWT_SECRET.getBytes()) .compact(); }}Run or narrate your approach, then ask the coach.