MSG160-9033 avatar image
0 Votes"
MSG160-9033 asked MSG160-9033 edited

Azure B2B - authorization code variable length for federated auth


We are using Azure B2B external identities to allow access to partners to an internal application that supports OAUTH2+OpenID Connect. We are seeing variances in the authorization code sent back to the redirect URI of our app when using B2B - this seems to be when using for signing in to B2B. Guest accounts can sign up using as a provider. The internal app (its a third party app) seems to have a limit in the length of the authorization code it accepts.

In most cases this hasn't been an issue. We are usually getting back an authorization code of around 1860 chars, plus state and session_state params of 36 chars each (guid). However, with certain accounts, the authorization code passed to the redirect URI is 1966 chars and causes an issue with our internal app.

I just wanted to understand why there could be variations in length of the authorization code passed to the redirect_uri of our app for some federated domains and not others. I assumed there would be some consistency in the length of the code being passed in by B2B when sign-in is completed.

I can't seem to find any documentation around this.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers