简体   繁体   中英

what are the sizes of access_token and refresh_token in Microsoft Identity platform scenarios and if reasonable, should it be stored in the DB?

Our app has the need of storing access_token and refresh_token in the DB, but as we compare the size to Salesforce's same tokens - it's much larger: access_token in MS 2150 chars vs access_token in SF 112 chars (similar ratio for refresh tokens). We are using the On-Behalf-Of flow : https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow My understanding is that OAuth2 spec wouldn't specify the size of the tokens, it's open to implementations. The question is if cookie based storage is not preferred, or for cases where custom apps would need to use DB access/refresh token serializations - isn't the length/size an issue or constrain? thanks

AAD 令牌没有已知的大小限制。

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM