Pattern
Ambiguous JWT Token Type
ambiguous-jwt-token-type
JWT access/refresh tokens get treated interchangeably because the server lacks a reliable claim or association to determine token type, so revocation and introspection logic can’t consistently apply the right semantics across flows and clients.