To ensure increased security for our mutual QuickBooks users, we are increasing the lengths of the authorization codes, access tokens, and refresh token fields. These field lengths have not previously been documented; we are now doing that and listing the maximum length your application needs to be able to support.
The new maximum lengths are listed below:
- Authorization codes: 512 characters
- Access tokens: 4096 characters
- Refresh tokens: 512 characters
Applications will break if they are not able to store the whole authorization code, access token, or refresh token returned. This could happen if you have hard coded the length of a field to something less than what is listed above.
Please review your code to ensure you have not hardcoded the length of these fields into your application code. If you have, please make the change to support the lengths listed above.
When is it happening?
You should ensure your application is able to support this update by June 1, 2020. The authorization code, access token, and refresh token lengths will not exceed the maximum lengths listed above.
Where can I learn more?
Review the OAuth 2.0 documentation on our Developer portal.
If you have any specific questions, reach out on our developer forums at developer.intuit.com/help.