I think a good precedent would be to use the HTTP Cookie size limit, which is 4KB.
An OAuth Access Token is like an HTTP Authorization cookie. They're both bearer tokens that are used as a credentials for a client to access protected resources on behalf of the end user. All Oauth clients have to implement HTTP anyway, so 4KB sounds like a reasonable limit. Allen > On Fri, Apr 9, 2010 at 3:14 AM, Luke Shepard <[email protected]> wrote: >> >> So, what is a reasonable limit for the token length? 1k? 2k? 4k? 5mb? I >> suggest some language like this: >> >> _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
