AntiPattern
Token Validation Miswiring
token-validation-miswiring
Bearer/JWT handling gets miswired across issuer, validator, and token-type semantics—so servers may accept reusable tokens from other apps, misclassify access vs refresh during revoke/introspect, or leak secrets enabling endpoint enumeration and runtime misuse.