Limit of "ext-" Parameters on Universal Login Page

Last Updated: Nov 29, 2024

Overview

According to this document, parameters with the “ext—” prefix can be passed to the “/authorize” endpoint and then used in the universal login page templates.

The usage of ext- parameters comes with a few limits, though. This article details those limitations

Applies To

• /authorize endpoint
• Customize Universal Login Page Templates
• “ext—” prefix
• Limitations

Solution

The usage of ext- parameters has the following limits:

1. The ext- parameter names must be unique
2. There could be max 10 ext- parameters in one /authorize request
3. The ext- parameter name must match this regex /^ext-[\w-]{1,28}$/ (start with ext-, contains [a-zA-z0-9_-] only, and max 28 characters)
4. The ext- parameter value must match this regex /^[-\w.*~@+ /:]{1,255}$/ (contains [a-zA-Z0-9-.*~@+ /:] only, and max 255 characters)

If the limits are exceeded, the following errors could be returned:

// limit #1 exceeded
error parsing ext params: must have less than or equal to 10 keys with "ext-" prefix
// limit #4 exceeded
error parsing ext params: "ext-XXXX" with value XXXXX fails to match the required pattern: /^[-\\w.*~@+ /:]{1,255}$/'`
​​​