Hors-sujet

Hi everyone
In an exercise I have to make, I need to detect JWT Auth Bypass and use it. I found in the website site keys (private and public) and I can generate tokens.
The tokens contain also personal data as email, id, and so from the users.
Can I do something with keys, if have don’t have personal data from users (?

Thank you