Max size for oauth token

Question

I want to store my token string in a mysql database. I am not sure about the max size for the token returned by the Client::getAccessToken function in the google-api-php-client library https://github.com/google/google-api-php-client

For now I did a print_r on the value and noticed that the length is 168. That has led me to store the token as type varchar and length 200.

I would greatly appreciate a more definitive answer concerning the maximum length of the access token string returned by the getAccessToken function in the google-api-php-client library. And I would appreciate recommendations for storing this information in a mysql database.

Answer 1

Google includes access tokens lengths in its API documentations At the moment of writing this answer the length of Google OAuth2 Access tokens is 2048 bytes. But another Google API manual says:

Tokens can vary in size, depending in part on the size of mapped claims, up to a maximum of 12288 bytes (12 KB). Google reserves the right to change the token size and the maximum length at any time.

It seems that there's no any standard limitation for OAuth2 access tokens length and it may vary in the future. For example Facebook in their API documentation warn:

Expect that the length of all access token types will change over time as Facebook makes changes to what is stored in them and how they are encoded. You can expect that they will grow and shrink over time. Please use a variable length data type without a specific maximum size to store access tokens.

So it's better to have a variable length data type for OAuth tokens storing.