HTTP 404 when passing long JWT in query string

,

Our web application has a JWT that we want to send to other applications (the application itself is a portal). Initially we wanted to send it using the Authentication header (Bearer) but there’s no way to do this via, say, window.open(). We then decided to go with a querystring parameter. However, although the string is long (the token itself is a little over 2.3K), from what we can tell it’s still well under the maximum length for a URL. Oddly, instead of getting a HTTP 414 as one would expect, we get a 404.

The URL that’s being linked is a SharePoint site in this case; could it be that SP/IIS has some configuration that’s overriding this default behavior?

Thanks in advance.

Hi @steve-king-ky,

Welcome to the Community!

Just a warning: sending tokens in the qs can be considered risky.

The 404 would suggest you are sending to a page that doesn’t exist. It’s hard to say without knowing a bit more about what is going on. If you want to capture a HAR of the error happening and DM it to me I would be happy to take a look.