Azure B2B - authorization code variable length for Google.com federated auth

MSG160 111 Reputation points
2021-11-04T13:50:35.173+00:00

Hi,

We are using Azure B2B external identities to allow access to partners to an internal application that supports OAUTH2+OpenID Connect. We are seeing variances in the authorization code sent back to the redirect URI of our app when using B2B - this seems to be when using Google.com for signing in to B2B. Guest accounts can sign up using Google.com as a provider. The internal app (it's a third-party app) seems to have a limit in the length of the authorization code it accepts.

In most cases this hasn't been an issue. We are usually getting back an authorization code of around 1860 chars, plus state and session_state params of 36 chars each (guid). However, with certain Google.com accounts, the authorization code passed to the redirect URI is 1966 chars and causes an issue with our internal app.

I just wanted to understand why there could be variations in length of the authorization code passed to the redirect_uri of our app for some google.com federated domains and not others. I assumed there would be some consistency in the length of the code being passed in by B2B when sign-in is completed.

I can't seem to find any documentation around this.

Thanks

Microsoft Entra External ID