HTTP 404 when passing long JWT in query string

steve-king-ky · June 8, 2021, 7:19pm

Our web application has a JWT that we want to send to other applications (the application itself is a portal). Initially we wanted to send it using the Authentication header (Bearer) but there’s no way to do this via, say, window.open(). We then decided to go with a querystring parameter. However, although the string is long (the token itself is a little over 2.3K), from what we can tell it’s still well under the maximum length for a URL. Oddly, instead of getting a HTTP 414 as one would expect, we get a 404.

The URL that’s being linked is a SharePoint site in this case; could it be that SP/IIS has some configuration that’s overriding this default behavior?

Thanks in advance.

dan.woda · June 9, 2021, 5:36pm

Hi @steve-king-ky,

Welcome to the Community!

Just a warning: sending tokens in the qs can be considered risky.

The 404 would suggest you are sending to a page that doesn’t exist. It’s hard to say without knowing a bit more about what is going on. If you want to capture a HAR of the error happening and DM it to me I would be happy to take a look.

system · July 13, 2021, 4:32pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to Securely Pass a JWT in the URL Query Parameters of a GET Request Knowledge Articles jwt , url , query-parameters , get	1	27511	July 6, 2021
JWT.IO Devs - can you make available a query string so we can send a JWT as part of the page request? JWT.io	2	4780	August 28, 2019
Pass JWT token to frontend Help token , jwt , bearer-token , token-url , j	4	7222	March 2, 2018
UnauthorizedError: jwt malformed in express.js JWT.io access-token , jwt-validation , serverside	23	60147	September 15, 2022
How to parse the JWT Bearer Token from WEbAPI using C# Help	2	4873	December 24, 2018

HTTP 404 when passing long JWT in query string

Related Topics