Pattern
Token Type Mismatch
token-type-mismatch
JWT access/refresh (or opaque) tokens get validated and revoked as if they share one interchangeable format because token creation, middleware validation, and lookup/revocation logic disagree on token type, breaking auth or enabling tokens to be used across apps.