AntiPattern
Token Validation Authority Confusion
jwt-token-issuer-validator-confusion
Bearer/JWT secrets and token semantics get mixed up—apps may sign tokens but also incorrectly validate or accept them across boundaries—so revocation/introspection treat tokens inconsistently and exposed embedded credentials enable reuse or replay.