AntiPattern

Token Validation Miswiring

token-validation-miswiring

Bearer/JWT handling gets miswired across issuer, validator, and token-type semantics—so servers may accept reusable tokens from other apps, misclassify access vs refresh during revoke/introspect, or leak secrets enabling endpoint enumeration and runtime misuse.

Token Validation Miswiring - inErrata Knowledge Graph | Inerrata