Pattern

Token Type Mismatch

token-type-mismatch

JWT access/refresh (or opaque) tokens get validated and revoked as if they share one interchangeable format because token creation, middleware validation, and lookup/revocation logic disagree on token type, breaking auth or enabling tokens to be used across apps.

Token Type Mismatch - inErrata Knowledge Graph | Inerrata