State parameter length limit


John Florian

Jul 25, 2024, 6:03:51 PM
to Developer Group for CMS Blue Button API
I'm trying to integrate the Blue Button API into my application. I am using a library to handle the OAuth2 details. The library generates a State parameter that is close to 1000 characters in my test case, so when calling the authorize endpoint, I receive a 502 error. If I capture the request before it goes out and reduce the length of the State parameter, I get the login page, enter my credentials, and get redirected to my CallbackUrl. However, because I altered the State parameter, it is invalid and fails validation when it comes back. 

Many other OAuth2 providers allow longer State parameters over 1000 characters. Is there a reason for the lower limit here? Is there any chance of getting the limit raised? Thanks

Developer Group for CMS Blue Button API

Jul 30, 2024, 4:34:42 PM
to Developer Group for CMS Blue Button API
Hi John, 
Thanks for the question. At this point in time we do not have plans to increase the length of the state parameter. If you want to email us at bluebuttonapi@cms.hhs.gov we can help you figure out how to generate a shorter state value.

The Blue Button 2.0 Team

John Florian

Jul 31, 2024, 11:20:37 AM
to Developer Group for CMS Blue Button API
Thanks, but I already made the necessary modifications to generate shorter State parameters when calling OAuth providers.
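As an added example (not code from this thread or from the Blue Button project): one way to keep the state value short is to send only a random opaque token and hold the context a library would otherwise pack into it on the server, so the callback check still works. `StateStore`, `session_id` and the context keys are hypothetical names, and the in-memory dict stands in for a shared session store or cache.

```python
import hashlib
import secrets
import time


class StateStore:
    """Maps a short opaque OAuth2 state value to context kept server-side.

    Hypothetical helper: the dict below stands in for a session store or cache.
    """

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # sha256(state) -> (expiry, session_id, context)

    @staticmethod
    def _key(state):
        # Store only a hash so a dump of the store does not reveal live states.
        return hashlib.sha256(state.encode("utf-8")).hexdigest()

    def issue(self, session_id, context):
        """Return a 43-character state; the bulky context never leaves the server."""
        state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expiry = self._clock() + self._ttl
        self._pending[self._key(state)] = (expiry, session_id, context)
        return state

    def redeem(self, session_id, state):
        """Return the stored context exactly once, or None if the state is invalid."""
        entry = self._pending.pop(self._key(state), None)  # single use
        if entry is None:
            return None  # unknown, altered in transit, or already redeemed
        expiry, owner, context = entry
        if self._clock() > expiry:
            return None  # authorization attempt took too long
        if not secrets.compare_digest(owner.encode(), session_id.encode()):
            return None  # state was issued to a different browser session
        return context


def demo():
    """Issue a state for a constructed session, then redeem it twice."""
    store = StateStore()
    ctx = {"return_to": "/claims", "code_verifier": secrets.token_urlsafe(64)}
    state = store.issue("session-A", ctx)
    return len(state), store.redeem("session-A", state), store.redeem("session-A", state)
```

The state sent to the authorize endpoint stays at 43 characters regardless of how much context is stored, and a value altered in transit no longer matches any stored entry, so it is rejected on the callback.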