Hello, I think its great that Auth0 is supporting RFC 6749 specifications. I have switched off the fixed length size for auth codes and access tokens, but it still would be nice to know the max sizes that could be returned.
In addition to the spec mentioning “The authorization code string size is left undefined by this specification. The client should avoid making assumptions about code value sizes.”, the spec also mentions “The authorization server SHOULD document the size of any value it issues.”
Is there any such documentation?
Thanks.