No issue, and there is certainly precedent. SAML 2.0 specifies the following about persistent name identifiers, which would be similar is use and formfactor:
Persistent name identifier values MUST NOT exceed a length of 256 characters -cmort On 3/9/10 3:50 PM, "David Recordon" <record...@gmail.com> wrote: Ideally we'd limit the length of access and refresh tokens as well as client keys and secrets to no more than 255 characters (a one byte varchar in MySQL). Is this an issue for anyone? The OAuth 1.0 protocol specifically states: Clients should avoid making assumptions about the size of tokens and other server-generated values, which are left undefined by this specification. That seems like a poor idea when it comes to implementability of the technology. Why did OAuth 1.0 make that decision? --David _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
