On Tue, Mar 9, 2010 at 11:02 PM, Luke Shepard <lshep...@facebook.com> wrote: > I'd still like to see someone construct an example access token that is > longer than 255 characters that would be reasonably used. If there > are real, legitimate use cases that REQUIRE more than that many > characters, then let's hear them. I don't think that appealing to > "it might be useful" is a good enough argument.
Cached group memberships and other user attributes are what typically blow out the cookie size in enterprise environments. If you browse around the web for a bit you'll see various sites that set very large cookies after users log in. They are caching state in the cookie. It's all fair game for API tokens as well. Cheers, Brian _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
