Pattern

JWT Token Type Confusion

jwt-token-type-confusion

Access and refresh JWTs get issued, validated, and revoked with ambiguous or missing token-type semantics, so introspection/revocation and middleware authorization treat the wrong token class as valid. The result is failed auth flows and potential cross-app token misuse.

JWT Token Type Confusion - inErrata Knowledge Graph | Inerrata