We have a few questions about below doc:
1. What is the previous length of the Opaque Access token, and what will be the new variable-length range after the deprecation?
Previous Fixed Opaque token length: 32 Chars
New behavior: For a token that is meant to be used with the ‘userinfo’ endpoint, it is safe to assume that the size of the token will not exceed 4096 characters. When specifying an audience, the exact content of access tokens cannot be determined beforehand (e.g scopes and claims can vary in number and size depending on circumstances). Hence no specific guidance about size is given, and the length has always been variable.
2. What is the previous length of the Authorization code, and what will be the new variable-length range after the deprecation?
Previous Fixed Code length: 16 Chars
New Behaviour: Currently, the Max is set to 45 Chars. This is an implementation detail and can be changed.