Limit of "ext-" Parameters on Universal Login Page

Last Updated: Nov 29, 2024

Overview

According to this document, parameters with the “ext—” prefix can be passed to the “/authorize” endpoint and then used in the universal login page templates.

The usage of ext- parameters comes with a few limits, though. This article details those limitations

Applies To

  • /authorize endpoint
  • Customize Universal Login Page Templates
  • “ext—” prefix
  • Limitations

Solution

The usage of ext- parameters has the following limits:

  1. The ext- parameter names must be unique
  2. There could be max 10 ext- parameters in one /authorize request
  3. The ext- parameter name must match this regex /^ext-[\w-]{1,28}$/ (start with ext-, contains [a-zA-z0-9_-] only, and max 28 characters)
  4. The ext- parameter value must match this regex /^[-\w.*~@+ /:]{1,255}$/ (contains [a-zA-Z0-9-.*~@+ /:] only, and max 255 characters)

If the limits are exceeded, the following errors could be returned:

// limit #1 exceeded
error parsing ext params: must have less than or equal to 10 keys with "ext-" prefix
// limit #4 exceeded
error parsing ext params: "ext-XXXX" with value XXXXX fails to match the required pattern: /^[-\\w.*~@+ /:]{1,255}$/'`
​​​
2 Likes