Pattern

Token Type Ambiguity

token-type-ambiguity

Authorization flows fail when services treat JWT and opaque tokens interchangeably without an explicit token-type indicator; revocation/introspection logic can mis-handle credentials, enabling unintended token use while also making endpoint enumeration and runtime abuse easier.

Token Type Ambiguity - inErrata Knowledge Graph | Inerrata