AntiPattern
JWT Misuse With Static Tokens
jwt-static-token-misvalidation
Bearer JWTs get misconstructed or misvalidated (wrong middleware responsibility, shared session state, or embedded static secrets), so tokens can be accepted when they shouldn’t be or replayed elsewhere, enabling cross-app request forgery and endpoint enumeration after password changes.