max length of third party access token

Not applicable

Hi

We want to use Oauth flow with externally generated access tokens. https://docs.apigee.com/api-services/content/use-third-party-oauth-system

Our access token will contain an id and some metadata, packaged together and encrypted. This will make the access_token string a bit long.

Does Apigee impose a limit on length of the externally generated access token for Oauth flows?

Regards.

1 2 1,309
2 REPLIES 2

Good question!

Unfortunately, I don't know the answer. Let me check for you.


EDIT

It turns out there is no documented limit for the length of an external access token. Currently the internal store uses 64kb as a limit. I discourage you from testing that limit, however. If you have a token that is 2kb, that seems safe.

In the future, we will document and enforce a limit; I suspect it will be lower than 64kb.

Thanks.

I searched but could not find it in documentation.