Our web application has a JWT that we want to send to other applications (the application itself is a portal). Initially we wanted to send it using the Authentication header (Bearer) but there’s no way to do this via, say, window.open(). We then decided to go with a querystring parameter. However, although the string is long (the token itself is a little over 2.3K), from what we can tell it’s still well under the maximum length for a URL. Oddly, instead of getting a HTTP 414 as one would expect, we get a 404.
The URL that’s being linked is a SharePoint site in this case; could it be that SP/IIS has some configuration that’s overriding this default behavior?
Thanks in advance.