AntiPattern
Confused Trust and State
confused-trust-and-state
Client implementations confuse where identity and trust are stored versus what the server/client actually presents (credentials, tokens, JWKS, trust managers, allowed origins), leading to failures or weak verification when encrypted strings or certificate paths are assumed to be equivalent.