diff --git a/52_jwt_tokens/.env.template b/52_jwt_tokens/.env.template
new file mode 100644
index 0000000..e8233f2
--- /dev/null
+++ b/52_jwt_tokens/.env.template
@@ -0,0 +1 @@
+JWT_TOKEN=
\ No newline at end of file
diff --git a/52_jwt_tokens/.gitignore b/52_jwt_tokens/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/52_jwt_tokens/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/52_jwt_tokens/README.md b/52_jwt_tokens/README.md
new file mode 100644
index 0000000..9510744
--- /dev/null
+++ b/52_jwt_tokens/README.md
@@ -0,0 +1,16 @@
+# JWT
+
+TODO:
+
+* Play around with some vulnerable auth packages.
+
+## JWT Algorithm Switching Vulnerability
+
+```sh
+. ./.env
+echo ${JWT_TOKEN} | base64 -di
+```
+
+## Resources
+
+* https://www.vaadata.com/blog/jwt-json-web-token-vulnerabilities-common-attacks-and-security-best-practices/
\ No newline at end of file