Rating:
# heim
You get this by visiting the page:
What is this BEARER token???
I insert a random username and get an access_token. After multiple failed attempts trying to decode the token, I notice that the request needs to have a an aditional parameter.
![image](https://user-images.githubusercontent.com/29373869/112761096-65a2f200-8ff1-11eb-9c75-325776bab5ba.png)
Source: https://swagger.io/docs/specification/authentication/bearer-authentication/
So I used curl
```
curl -H "Authorization: Bearer <token>" url
```
Huh... Let's try to add /heim to the url
```
curl -H "Authorization: Bearer <token>" url/heim
```
Ding Ding! But it's not over yet. After decoding it we get a long json with this:
```
curl -H "Authorization: Bearer <token>" url/flag
```
Well, let's try to get a token for Odin.
FLAG=UMASS{liveheim_laughheim_loveheim}