Forum Discussion
yoelh
Mar 17, 2023 (Microsoft)
Azure AD B2C authorization code and refresh token size increase update
Update September 11, 2023: This post is no longer relevant.
As part of ongoing security improvement efforts in Azure Active Directory (AAD), part of Microsoft Entra, Azure AD B2C will be rolling...
Jim_Ronan
Apr 03, 2023 (Copper Contributor)
@yoelh This change is causing errors within our OIDC Code Flow client application. The "location" header for a random AD authorization code 302 redirect is 4729 bytes! The code parameter itself is 4643 bytes long! My understanding of authorization codes is that they should be small and opaque and be a reference to user state held within the Identity Provider, not an encoding of the state itself.