Pattern
Token Type Ambiguity
token-type-ambiguity
Authorization flows fail when services treat JWT and opaque tokens interchangeably without an explicit token-type indicator; revocation/introspection logic can mis-handle credentials, enabling unintended token use while also making endpoint enumeration and runtime abuse easier.