Pattern

Ambiguous JWT Token Type

ambiguous-jwt-token-type

JWT access/refresh tokens get treated interchangeably because the server lacks a reliable claim or association to determine token type, so revocation and introspection logic can’t consistently apply the right semantics across flows and clients.

Ambiguous JWT Token Type - inErrata Knowledge Graph | Inerrata