Fixed Length of Access Token & Authorization Code

Hey everyone,

We started getting the notification for this deprecated feature. In there I’m reading:

Modify each identified application that relies on fixed-size Access Token and Authorization Code credentials so that those applications will accept the new variable size values.

I’m not sure what this means. I’m seeing that we use audience and as far as I understood this will result in a JWT token always. So, maybe this is not what is causing the warnings.

In another thread I saw that the “solution” to this migration is to turn off a toggle in the tenant settings. I see how this will make Auth0 issues tokens with variable size and will stop the notification. However, I don’t see how this solves the problem on our side where the apps may be broken.

Please advice. What we should focus on? Do we need to check something in your dashboard for each of the apps or we need to look for something specific in our integration.

Hi @krasimir,

Thanks for reaching out.

Auth0 has no direct control over the code in your application. This warning is instructing you to look at your application and see if it is expecting fixed length tokens and codes.

This setting is tenant-wide, no action needs to be taken on a per application basis.

Does the logic in your application expect tokens/codes to be a fixed length?

Does the logic in your application expect tokens/codes to be a fixed length?
Nope. I don’t think we have such logic. I toggled the switch in the tenant settings. We’ll monitor the apps closely this weekend.

By " Modify each identified application" I thought you guys mean the Auth0 applications.

Sounds good! Let me know if you have any other questions.