问题
When allowing login by OAuth (such as OpenID, Facebook, Twitter, etc), we save the access token given by the Oath provider in mysql database for future authentication. In some tutorials, the column for saving access token is varchar(255) and some use text. I wonder if the access token (by common websites such as facebook and twitter) is longer than 255 character needing text column. Should we consider this possibility?
回答1:
You won't run in to the problem with Facebook or Twitter from my experience (In 3+ years there hasn't been a problem for me on my systems storing it at length 255). That said, a quick search did bring up this question on Quora http://www.quora.com/OAuth-1/Whats-the-maximum-length-of-an-OAuth-access-token-key-secret-pair
This answer is incredibly old and incorrect. Look at the latest answers. Do not limit the size of the access token.
回答2:
I work at Facebook and I can give a definitive answer about this.
Please don't put a maximum size on the storage for an access token. We expect that they will both grow and shrink over time as we add and remove data and change how they are encoded.
We did give guidance in one place about it being 255 characters. I've updated the blog post that had that information and updated our new access token docs to include a note about sizes:
https://developers.facebook.com/docs/facebook-login/access-tokens/
Sorry for the confusion.
回答3:
this seems outdated... Facebook now may send tokens longer than 255 chars, at least for 60 day tokens (those substituting offline access).
Have you checked this related question?
来源:https://stackoverflow.com/questions/8098515/can-access-token-be-longer-than-255-characters