Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can access token be longer than 255 characters?

When allowing login by OAuth (such as OpenID, Facebook, Twitter, etc), we save the access token given by the Oath provider in mysql database for future authentication. In some tutorials, the column for saving access token is varchar(255) and some use text. I wonder if the access token (by common websites such as facebook and twitter) is longer than 255 character needing text column. Should we consider this possibility?

like image 602
Googlebot Avatar asked Nov 11 '11 18:11

Googlebot


People also ask

What is the length of access token?

Access tokens: 2048 bytes.

How many characters are access tokens?

Access tokens: 4096 characters.

What is the maximum lengths of refresh token?

What are the maximum lengths of access token and refresh token? The lengths of access token and refresh token are related to the information encoded in the tokens. Currently, each of the two tokens contains a maximum of 1024 characters.

How long should access token be valid for?

The access token is set with a reasonably lower expiration time of 30 mins. The refresh token is set with a very long expiration time of 200 days. If the traffic to this API is 10 requests/second, then it can generate as many as 864,000 tokens in a day.


1 Answers

I work at Facebook and I can give a definitive answer about this.

Please don't put a maximum size on the storage for an access token. We expect that they will both grow and shrink over time as we add and remove data and change how they are encoded.

We did give guidance in one place about it being 255 characters. I've updated the blog post that had that information and updated our new access token docs to include a note about sizes:

https://developers.facebook.com/docs/facebook-login/access-tokens/

Sorry for the confusion.

like image 77
Christopher Blizzard Avatar answered Oct 05 '22 04:10

Christopher Blizzard