414 Request-URI Too Large

945 views
Skip to first unread message

Marcus Almgren

unread,
Jul 20, 2011, 2:18:10 PM7/20/11
to oauth...@googlegroups.com
If an end user is not already logged in, then after the authentication step the user is redirected to accounts.youtube.com/accounts/SetSID (along with a long sidt parameter in the querystring) and the result is an error page: "The requested URL /accounts/SetSID... is too large to process.". In this particular case I'm using 2-factor auth, but the point is that I can't change the request from a GET to a POST since I'm not the one doing the redirect to accounts.youtube.com -- it happens on the Google side.

The scope I'm requesting access to is Google Documents, but I guess Google is pushing my authentication to a bunch of sites in an SSO kind of way. I guess I could try deleting my Youtube account or disable 2-factor auth or whatever, but I'd really, really like to know why this is happening and how I can fix it.

Marius Scurtescu

unread,
Jul 20, 2011, 2:29:44 PM7/20/11
to oauth...@googlegroups.com
Hi Marcus,

Would you be able to provide the full URL of the initial request?
Trying to find a way to reproduce this issue.

Thanks,
Marius

Marcus Almgren

unread,
Jul 20, 2011, 2:52:08 PM7/20/11
to oauth...@googlegroups.com
The request chain starts with my web app redirecting the user to


upon which the end user is forwarded to

https://www.google.com/accounts/ServiceLogin?service=lso&passive=1209600&continue=https://accounts.google.com/o/oauth2/auth?response_type%3Dcode%26scope%3Dhttps://docs.google.com/feeds/default/private/full%26redirect_uri%3Dhttp://subdomain.domain.com/google/oauth2%26client_id%3Dsomeinteger.apps.googleusercontent.com%26hl%3Dno%26from_login%3D1&followup=https://accounts.google.com/o/oauth2/auth?response_type%3Dcode%26scope%3Dhttps://docs.google.com/feeds/default/private/full%26redirect_uri%3Dhttp://subdomain.domain.com/google/oauth2%26client_id%3Dsomeinteger.apps.googleusercontent.com%26hl%3Dno%26from_login%3D1&ltmpl=popup&shdf=CrECCxIVdGhpcmRQYXJ0eURpc3BsYXlOYW1lGghTaWduaWNhdAwLEgZkb21haW4aCFNpZ25pY2F0DAsSEXRoaXJkUGFydHlMb2dvVXJsGsABLy9pbWFnZXMtbHNvLW9wZW5zb2NpYWwuZ29vZ2xldXNlcmNvbnRlbnQuY29tL2dhZGdldHMvcHJveHk_dXJsPWh0dHA6Ly9sYWJzLnNpZ25pY2F0LmNvbS9zaWduaWNhdF9zbWFsbF9sb2dvLnBuZyZjb250YWluZXI9bHNvJmdhZGdldD1hJnJld3JpdGVNaW1lPWltYWdlLyomcmVzaXplX2g9NjAmcmVzaXplX3c9MTIwJm5vX2V4cGFuZD0xDAsSFXRoaXJkUGFydHlEaXNwbGF5VHlwZRoHREVGQVVMVAwSA2xzbyIUjV8SGyydH9k8Z27qt9kGtVM5i0UoATIUwi61ifbPxH74JU5P6GvZduetD10&scc=1

where the end user (me, in this case) enters username and password and unchecks the "Stay signed in" box. And since I've enabled 2-factor auth, I then get sent to


where I enter the OTP and don't check the "remember" checkbox and hit Confirm which redirects me to

https://accounts.youtube.com/accounts/SetSID?ssdc=1&sidt=ALWU2cudmiuDRx43NAQpQvnhXet2tQ2t7BWDJWovA%2BZnB%2F71446a8uWh82KjlrH72o7ez0hZ0k8fN0iZa8Io%2BbArOfjvTwbksM%2FU1EfxqF7u4%2BxTNxMEAuxEj8on2XrY01qyt0%2BLRLfId9jnYQM23wObb%2BkuVcStTe315iPRrCFVLcOQ9hNKdbTzYiZKEq74wKHX9GBTePAVNtUJqiJi1S3DBUXfygoS9tovf%2BTJOexQzH3LTP%2B4dVNK5hb07%2Bn0vLBQ%2BHJSb5JyqXMoM%2FqVTklbIBtgOdxU0A%3D%3D&continue=http%3A%2F%2Fwww.google.no%2Faccounts%2FSetSID%3Fssdc%3D1%26sidt%3DALWU2cs5OhkRDXFjCOhugG2e5lXk%252BZjfJPai%252FksAmYeF6gmQ9OPAFebnowTOVl3jW%252B0c1laCDM4P1NNax2rE5F79pens2%252BiU9N4v%252FEJ4ijHBDq26ro2fatDkoO3CEl%252F1and7uGYX4y00svCVvkLsl9HJio4oxgPOLv2ZxG2aq7X0YvLxk5QlNfIsTRPuWtIDPb%252B6S09oG9zLEGatp2naSTAbVXW653t0ARO%252BL8n3cysSGHK5a%252BQZNg%252BzR9o48kCnVfYt6ahhylm0cD4sI%252B5nvpw8VJ5UDoLf3A%253D%253D%26continue%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252FServiceLogin%253Fpassive%253Dtrue%2526go%253Dtrue%2526continue%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fo%25252Foauth2%25252Fauth%25253Fresponse_type%25253Dcode%252526scope%25253Dhttps%25253A%25252F%25252Fdocs.google.com%25252Ffeeds%25252Fdefault%25252Fprivate%25252Ffull%252526redirect_uri%25253Dhttp%25253A%25252F%25252Flabs.signicat.com%25252Fgoogle%25252Foauth2%252526client_id%25253D1008709248413.apps.googleusercontent.com%252526hl%25253Dno%252526from_login%25253D1%2526followup%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fo%25252Foauth2%25252Fauth%25253Fresponse_type%25253Dcode%252526scope%25253Dhttps%25253A%25252F%25252Fdocs.google.com%25252Ffeeds%25252Fdefault%25252Fprivate%25252Ffull%252526redirect_uri%25253Dhttp%25253A%25252F%25252Flabs.signicat.com%25252Fgoogle%25252Foauth2%252526client_id%25253D1008709248413.apps.googleusercontent.com%252526hl%25253Dno%252526from_login%25253D1%2526shdf%253DCrECCxIVdGhpcmRQYXJ0eURpc3BsYXlOYW1lGghTaWduaWNhdAwLEgZkb21haW4aCFNpZ25pY2F0DAsSEXRoaXJkUGFydHlMb2dvVXJsGsABLy9pbWFnZXMtbHNvLW9wZW5zb2NpYWwuZ29vZ2xldXNlcmNvbnRlbnQuY29tL2dhZGdldHMvcHJveHk_dXJsPWh0dHA6Ly9sYWJzLnNpZ25pY2F0LmNvbS9zaWduaWNhdF9zbWFsbF9sb2dvLnBuZyZjb250YWluZXI9bHNvJmdhZG

Where it says

414. That’s an error. The requested URL /accounts/SetSID... is too large to process. That’s all we know.

By now, I'm already authenticated, so all I have to do is go back to my web app and I'm immediately sent to 


and I can confirm and get sent back to my web app where everything works fine.

(The "someinteger", "subdomain.domain.com" etc. are obviously replacements for the actual values, but I can provide you with the actual values or the actual URL to the web app if that's of any assistance.)

Thank you.

Marcus Almgren

unread,
Jul 27, 2011, 4:36:44 AM7/27/11
to oauth2-dev
Hi Marius.

Any word on this one? I'm doing a POC to see if our business should
move to Google Apps and this issue is kind of having a negative impact
on the demo factor ;)
> > I can fix it.- Hide quoted text -
>
> - Show quoted text -

Marius Scurtescu

unread,
Jul 28, 2011, 7:13:11 PM7/28/11
to oauth...@googlegroups.com
Hi Marcus,

Thanks for reporting this problem and for providing all the details.
Regarding the 414 error, an issue was identified and we are actively
working on a fix. The problem seems to occur only with 2-factor
enabled accounts.

I am still investigating why did your request end up at YouTube, will
get back on that regard.

Thanks,
Marius

Marcus Almgren

unread,
Aug 15, 2011, 3:10:36 AM8/15/11
to oauth...@googlegroups.com
It's working as expected now, so I just wanted to say thanks for your prompt reaction. Very good.

John Gilmore

unread,
Jan 3, 2012, 6:35:44 PM1/3/12
to oauth...@googlegroups.com
Hi Marius,

We've been using oauth2.0 for a while and there were no problems.
Today we've experienced the same problems as described the Marcus - our request is definitely shorter then the one Marcus sent you

Is this a temporary problem ?

Many thanks,
John

Phil Chambers

unread,
Mar 13, 2012, 8:06:20 AM3/13/12
to oauth...@googlegroups.com
Hi Marius,

We've recently implement oauth2 for Google at Podio and I'm seeing the same issue. I suspect it might be due to using accounts when multiple account signin is enabled. Can you confirm/deny if you have a known issue and if not I'll give a more complete bug report?

Cheers,
Phil

Marius Scurtescu

unread,
Mar 13, 2012, 7:16:10 PM3/13/12
to oauth...@googlegroups.com
There was an issue last summer, and it was related to accounts that
had strong auth enabled. It was fixed at the time.

Are these accounts strong auth enabled? Does the user get a chance to
authenticate? Can you describe exactly what pages is the user seeing?
Do you have an account that reproduces this consistently? If yes,
please email me directly the account name (email address).

Thanks,
Marius

Unfolding Apps Inc.

unread,
Apr 27, 2012, 5:03:49 PM4/27/12
to oauth...@googlegroups.com
Hi Marius,

Sorry for the delay and  many thanks
Reply all
Reply to author
Forward
0 new messages