[Openid-specs-ab] Issue #1055: Limits on overall url length (openid/connect)

Nat Sakimura sakimura at gmail.com
Thu Nov 1 17:20:23 UTC 2018

Just chimed in on the thread.

For the query parameter length, we should look at the request_uri.
For the database limit that some implementations have for state etc.,
well... what would be a sensible limit?

On Thu, Nov 1, 2018 at 12:20 AM Joseph Heenan via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> New issue 1055: Limits on overall url length
> https://bitbucket.org/openid/connect/issues/1055/limits-on-overall-url-length
> Joseph Heenan:
> As discussed on
> https://github.com/openid-certification/oidctest/issues/134 there are
> interoperability issues associated with some fields being overly long, in
> particular with the state & nonce fields where the spec does not limit the
> size of values supplied by the RP.
> The core spec should probably give some guidance on lengths.

Nat Sakimura (=nat)
Chairman, OpenID Foundation