If I've done the math correctly, 27 characters would give you a little more than 20 bytes' worth of randomness (assuming you are using random alphanumeric characters or base64url-encoded bytes). 20 bytes is something you see as a SHOULD type minimum length in other protocols for random identifiers. Not sure if that's sufficient reasoning but it's what I can come up with.

On Wed, Jul 6, 2011 at 4:40 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> Are the tokens used in the examples long enough? I don't want the examples
> to demonstrate poor choice of byte count.
>
> EHL
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
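
The arithmetic in the reply above, worked through as an added example that is not part of the original thread: it computes the entropy of a 27-character token for both alphabets mentioned and generates tokens with a CSPRNG. The function names and the 20-byte target constant are assumptions made for illustration.

```python
import math
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols
BASE64URL_SIZE = 64                                  # A-Z a-z 0-9 - _
TARGET_BYTES = 20                                    # the 20-byte floor cited in the reply


def entropy_bits(length, alphabet_size):
    """Entropy of `length` characters drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def min_length(target_bytes, alphabet_size):
    """Shortest token length whose entropy reaches `target_bytes` bytes."""
    return math.ceil(target_bytes * 8 / math.log2(alphabet_size))


def random_alphanumeric(length):
    """Token of uniformly random alphanumeric characters from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def random_base64url(num_bytes):
    """Unpadded base64url encoding of `num_bytes` random bytes."""
    return secrets.token_urlsafe(num_bytes)


if __name__ == "__main__":
    for name, size in (("alphanumeric", len(ALPHANUMERIC)), ("base64url", BASE64URL_SIZE)):
        bits = entropy_bits(27, size)
        print(f"27 random {name} chars: {bits:.2f} bits = {bits / 8:.2f} bytes, "
              f"minimum length for {TARGET_BYTES} bytes: {min_length(TARGET_BYTES, size)}")
    # Encoding 20 random bytes also yields 27 characters, but the entropy is
    # exactly 160 bits: the final character carries only 4 bits of the input.
    token = random_base64url(TARGET_BYTES)
    print(f"base64url of {TARGET_BYTES} bytes: {token} ({len(token)} chars)")
    print(f"random alphanumeric: {random_alphanumeric(27)}")
```

At 26 characters the alphanumeric case drops below 160 bits, so 27 is the shortest length that meets the 20-byte floor for either alphabet.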