What changes required for Opaque Access Token and Authorization Code Fixed Length to variable length

What changes required on the application side to keep running the application with the upcoming changes from Fixed length token (Opaque Access Token and Authorization Code) to variable length. No information is available anywhere what changes and what impact it will be on existing application.


Hi @connect2kapil,

Welcome to the Auth0 Community!

Is your application expecting opaque access tokens/auth codes to be a specific length? If so, it is likely to break when you send it a variable length code or token. A few questions to help clarify: How are you validating tokens and auth codes (with an SDK, with code you wrote, etc.)? Does this code expect a token/code of a fixed length?