AntiPattern
JWT/Token Validation Boundary Confusion
jwt-validation-boundary-confusion
Bearer tokens and their revocation/introspection semantics get muddled—signing/validation responsibilities blur, token type detection is missing, and shared/static credentials enable replays or cross-app token use—so legitimate-looking requests can bypass checks or be mis-handled.