What do I need to do in regards to the Authorization Code and Access Token Variable Size deprecation warning?f

Problem statement

What do I need to do in regards to the Authorization Code and Access Token Variable Size deprecation warning? And could you please elaborate on what this warning is about?

Troubleshooting

You may need to troubleshoot and determine if you have any applications that depend on a fixed-length authorization code or if you are using an opaque access token. To do so, please follow the steps below:

1. Navigate to your Auth0 Dashboard > Monitoring > Logs

2. Search logs for:
   type:depnote AND description:*authorization*
   to find deprecation notifications that provide information regarding affected applications that may need to be updated.

3. If you find any logs regarding fixed-length access tokens, then you might have code that parses the access token based on the length of the token for that application.

Solution

Before we begin, please note that any tenant created after April 12, 2022, for Public Cloud and June 2022 for Private Cloud will have the Fixed Length of Access Token & Authorization Code setting enabled automatically.

The Authorization Code and Access Token Variable Size deprecation notification warns our customers about the changes to the authentication flow. This change would only affect developers who applied a fixed-length check for opaque access tokens or authorization codes.

If you have not implemented anything like this, use an Auth0 SDK or Quickstart then this change will not affect you.

With that, proceed with disabling the Fixed Length of Access Token & Authorization Code setting in the Auth0 Dashboard > Settings > Advanced and scroll down to the Migrations section.

On that page, you will see the switch to toggle off the Fixed Length of Access Token & Authorization Code setting.

1600×484 98.7 KB

After doing so, please verify that you can still authenticate onto your applications without problems. Once that is complete, you should be all set with the Migration.

Reference Material

• Opaque Access Token and Authorization Code Fixed Length Announcement
• Deprecations and Migrations
• How do I enable/disable the Fixed Length of Access Token and Authorization Code?
• How do I disable the Opaque Access Token and Authorization Code Fixed Length setting using Deploy CLI?
• Does the Opaque Access Token and Authorization Code Fixed Size deprecation have any impact on my tenant?
• Does the variable size token change impact me when using Actions to append custom claims to a token?