3,300 questions
jwt.ms cannot handle query parameter exceeds 2048 characters / Why AAD B2C Authorization Code is longer than 2000 characters?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 56.00000000000001%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bandhit Suksiri
21
Reputation points
Related to https://github.com/Azure/api-management-developer-portal/issues/2160.
Recently, I discovered that the Authorization Code returned from Azure AD B2C is longer than expected when compared to Azure AD. I also discovered that jwt.ms returns an error when the query string exceeds 2,048 characters.
Questions:
- Is there a reason why the AAD B2C Authorization Code is longer than 2,000 characters?
- If it must be longer than 2,000 characters, I believe we may discovered a bug on jwt.ms because it cannot handle query string exceeds 2,048 characters. Supplement
- Azure AD B2C: more than 2,400 characters.
eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..YMkkMiroq3rfMQdx.xXntiWZq-hz0mDlZZdm4x4fhE_HwwbI2-NY6U3fAt1hvSbdgtTpyk0XEC-fGFhWpKU54E3j-tIx-e03mj0Bkkc52DGDaFi7H9XtTIKlk_SdfW52C9SXwYXyvSsa4wRXS-L_L6JqubdLBIw1Ud-1MgXv2hHacTSEYBb_jvBWBbADb4Uvolt6HZ4QZinYVBvMQFa_dn_Y6LDlpa6pHXeWyrVCHZQtn5KHycI6Oxfm1pp7yWrLeH9DKbyv-LnqwDiCrvQYtM1XY6G6bDOMbh88OI0AkhsysWqBxgYHmaYlN0579YD-DOmqSBrd4VjgZ7qzIFD4Yeb6OPDG3-2VbuS0UYg2uki7BIltTgJSsRuuRzWtk3F4FKvD6DE3l00CcFRy6SnH9jzytHM2iku-4deNrkXUTbSRZuFGhJapdU_feTiLGr1qCgiQ6a2LyQ91yrwE48D39ERWv5Q8Dk2gP0S8eALhKEs29AaisahoeCf7kV9gvtuu_fbtgLVUlVGWmIjGkKEz8SmtZFlUZFm20jsh30gZkTM-SM49wxpmoEgvsLP4dIG6ozAsC8c0jD8fC5hXQ5DOMmCUBokrsicA0QwhpGvDY1DNn6c6gr23gXYElKA1NTWszxpCyi5k7ibDsd1nTYkXEJxssZteQk6raSs3gQRfs1i2PLeCIEHEbeP8Q3PoPP9ZaKGYRYKyYfub_tdIgBITElA0EdzHtrnIdgjDncfNjAeTEIzWXxeFuj6wpYTZxjPR2bTXkXYMdKZkB5F3dcvUSeY4OlaViLBJNjygYMBm2npf_c61qVashYkYgA7sO3hApfR_kT1fldqXRM3NDgO1c72dfxMxTZf6d7xhJ42-UKuxtTpUfyxruwcsgErqCtFmUhX-8jx4NJXU0IVgfNZ_fu8_Kcr98LA5EP7agMY7951zpwDDiZTvGiCLaSNGeOEM2QOJ9flOnfLf8a3eVkyRE8xuQSIu5Z1wRykK78HOFWvedtuQVFgqMUwjZBMC_OAmpZYofSDBi6cEhWSotTw8UmPXLwjq2PC9cAmwxNXDv9r-5uOjisMJPM02dwtVZ0aZ1F81vSdaeXXDckziFws5-rFCBzgagOFENpXzajJND_AIDoKMojgGhK-kGX4zeaR3joHMoGccIUXin-hXTWQU6B3ra1ryyBE-22X-eccjyQSi9n8XQ_VHFYzZNVIwLANkak4AZQAbyvT0HiSlW5SmBstu2ORtqb2UcPM6F6SekqQcq23US9H5fuZWb87YeB05K4Rl2GAlse2eInlaPbz47fN8r8t3wtJiBkUwgPH9-x_ZND_lqopQW2D6KjWf6owEOmo-LOzkDfreU8bQftGebIRU-WkXJ8HtiNKtlWnjzROEQgtTHVxUp5MEyxcBHMRLETlWnsbpwYQO20xBXxjmUIKam5cUOjV0sk26Rpw_79RHzxkN5t0Ui5poDaEnyda3ds3PcAFsG9z7ioeL1z_G2c9itYVJh2kSaUsd1K3yUxy8K_OljOdAqTMY4Bdc0K7hBX0kzxOZ30_17uo9hS0T98Yb5l_3LVTMPDs9hVEMAm3N5Cc_cl0QQS3sgW_n87-9tRfsCUx_rDzBH8EchgOZ_lCY3L1H4VsxvjSFpyha8T0E5EIr3SJTNdqNsy4g-SemjKcrWOMF0lyc3BvIlDy1Foqtmz1JC0k3xQqSSQUyqNM06tGlLQqelxejXbg28BMMmCNsOLdHDT8WHDa3MzBa9SYhl_iS8Arv0Z0v4uF5OBPsAw1V2mx1YpPyQ5URGV75LiaIi5dDifDLdCPs51l0uMkVkdBm6aWO_kzioP08hH0KqQBwnHq9WTTjUkpeDA-d19QdGUo3LD4z5XC8PIj7_KfXUcXb6_14P61GkyjHzSfBarQc5XLBTKfUDFrmWB503IXOrXWnlrqMeDXq1sPB067BX1M599y2fYZpAWi_vzTr_Lx6H8hmx8z30qf18O-Gy6unPv3ojRa3RLrCz4E0iyE1Z9v1NoVxPc-pI2eeJILum8ILARfyFyz5dK1envOo29dn6Kk22q49IZc1SXF-2S2JKyHtqk6e3hYMP5pdJnwBkBJPdiv4wM6aO8ztFd0qOPA8AZVrQzXh4RXavD65AMLqfq7vcmlsOeqanF1yZjqS8wYq3HGBEW2Zul6ntUVIoumVQa0pOActyPrZWEBOqmkZuoCNlau1H5SFcmgRIKxD7Q6e4JWoe100gO2Q1VLad8syXZb1X2RnM88Qe4YCRQD0N2zuXqH9tJWhrnlj9gDeAC9aU7cSO.kTpoJDfKaJnnOUCyAVa72g
- Azure AD: around 1,000 characters
0.AT4ATsw-bHcgdk2sCnwU3uWblKt3a57vRcBIk998Bp7lmDs_AMA.AgABAAIAAAD--DLA3VO7QrddgJg7WevrAgDs_wUA9P9_RzrmPsJwODgCw4g7kFFgYR2ezs8148Ksb5mYZBakwsI34LP9Q4XuwumCQrkwLNGRCSzyQO0-4bBilARLwu6MTUFruXz7_tT1VTXRfEOKGi77Uo2zUgACBsEZNY5pJmfo7JDij2mDt9vMQbG6Qpd35cIHu9oy9PcYULVJyjghtrWw54KFTetb9ZW6HKMGxGr9__3hUUnTHYFTAL9hE7joX5Lqqyqu-ftepyQ3-7w6aPsJAh2VLA6JrRtWj14TU7z0PJFFPmCWtiXhbTfWEk0VfLaxtRk76KvRCCNth72Jd3-zQusziKugbseKd9RIj4w50jRBMPI7JAeDb3ZHvfrkqdMqr_41api7iyD7NIohBnY6omKudnf3DB9Wd0j2xxfDISwO06udkGsYQBQ7Ui88sO8sW4ZtPE34zz1-CzdlRU-p0Gp1y0Yk-AjOhlBHOKSUyRS7Bfwc4ys4f8HlxJvMCAlHyqdUbiRfg2hl4DwLLQHlZuuVACa7_OXUmoKtApRqabXIhW7RV6xqrs4KV2D-pQfe0uvmrfsTuZEjMV2UT6-iECKtT-obRBfXRofPqXyuakwxVMuCXNuv2tambWH81EO-WFYJePrW9T1g2r1vsyaIQrlGSJ5PTF6T70R6oKaUEjwlafGvcGLnaaBJugXQgWWjth9RDXuKcRJWOUWtIwSWPuDbVROhGxHd6oltLrJJFQTjwkYhP7RMOSfwn0WsiF9PJlcP4EQ_lYiMRirmE8kobe_wW4DJqwnecVKHD8Y2QVWHjKYb3ZYe0I4rYxK0SEilDqVyjvqHqP9a9jCMKJZzKhBVBYJy8w3DrpqJpBlnNEG88JOjUAMiEhvc9VjvAr34DAujyuG8PBRpz_Crgg4s
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
25,247 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 6%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECR%3C/text%3E%3C/svg%3E)
Carlos Rian | Quartile 6 Reputation points2023-04-21T20:07:39.5233333+00:00 I have the same problem. This is very boring; the MS updated the application and broke another thing.
-
Bandhit Suksiri 21 Reputation points
2023-04-24T01:37:32.92+00:00 removed, due to duplicate post.
-
Bandhit Suksiri 21 Reputation points
2023-04-24T01:39:46.6866667+00:00 It seems that someone have identified the root problem.
Azure AD B2C authorization code and refresh token size increase update I'm not sure now, but it seems to be working correctly now. (Did they rolled it back?) In past, sometimes the length of the query string reduces to approximately less than 2,000 chars, and the authentication starts working. However, randomly, the length of the authorization code increases and breaks the authentication as mentioned above. To be honest, the breaking change that caused the authentication issue was poorly communicated, to say the least. The change may have been implemented without adequate notice or explanation, which can be frustrating for users who rely on the service. Clear communication and documentation are essential for ensuring a smooth transition and preventing issues like this from occurring in the future. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 63%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPV%3C/text%3E%3C/svg%3E)
Paul van Coller 5 Reputation points2023-04-24T03:22:34.8533333+00:00 I believe Microsoft have rolled back the change. Not sure how long it will be rolled back, but for now the authorization code size is around 900 characters. I recommend we all update our code to use
response__mode=form__postin case this gets rolled again.
Sign in to comment
1 answer
Sort by: Most helpful
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Comments have been turned off. Learn more