Pattern
JWT Auth Flow Mismatch
jwt-auth-flow-mismatch
Bearer/JWT authorization breaks after password change because cookie-based storage, token validation middleware, and client header injection are inconsistently wired; browsers won’t attach Authorization automatically, and misconfigured signing/validation enables tokens to be replayed across apps.