[Openid-specs-ab] Issue #1342: Reevaluate URI length restriction (openid/connect)
David Waite
issues-reply at bitbucket.org
Sat Sep 25 11:14:42 UTC 2021
New issue 1342: Reevaluate URI length restriction
https://bitbucket.org/openid/connect/issues/1342/reevaluate-uri-length-restriction
David Waite:
The current [SIOPv2 spec states](https://bitbucket.org/dwaite40/connect/annotate/master/openid-connect-self-issued-v2/openid-connect-self-issued-v2-1_0.md?at=master#openid-connect-self-issued-v2-1_0.md-343):
`The entire URL MUST NOT exceed 2048 ASCII characters.`
While URL continue to have limits, these have grown substantially larger in modern browsers and operating systems.
I will do experimentation of the size limits across various browsers and operating systems, but I believe the min max is now over 64kb excluding IE 11. At the OS level, this may be even larger \(on the order of MB\).
More information about the Openid-specs-ab
mailing list