Pattern
JWT Token Type Confusion
jwt-token-type-confusion
Access and refresh JWTs get issued, validated, and revoked with ambiguous or missing token-type semantics, so introspection/revocation and middleware authorization treat the wrong token class as valid. The result is failed auth flows and potential cross-app token misuse.