[pve-devel] [PATCH access-control] fix #4074: increase API OpenID code size limit to 2048
Mira Limbeck
m.limbeck at proxmox.com
Wed Jun 15 16:09:50 CEST 2022
Azure AD seems to have a variable authorization code size, depending on
the browser state according to one report in bug #4074 [0].
Sometimes the size is greater than our current limit of 1024, so
increase it to 2048.
The RFC [1] mentions that there is no limit to the code size, but based on
current experience, a size limit of 2048 might be enough for every
current OpenID Connect provider.
[0] https://bugzilla.proxmox.com/show_bug.cgi?id=4074
[1] https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2
Signed-off-by: Mira Limbeck <m.limbeck at proxmox.com>
---
The PBS implementation doesn't seem to be using any code size limit, do
we want to remove it entirely in PVE as well?
src/PVE/API2/OpenId.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/API2/OpenId.pm b/src/PVE/API2/OpenId.pm
index c838b2c..8653d61 100644
--- a/src/PVE/API2/OpenId.pm
+++ b/src/PVE/API2/OpenId.pm
@@ -134,7 +134,7 @@ __PACKAGE__->register_method ({
code => {
description => "OpenId authorization code.",
type => 'string',
- maxLength => 1024,
+ maxLength => 2048,
},
'redirect-url' => {
description => "Redirection Url. The client should set this to the used server url (location.origin).",
--
2.30.2
More information about the pve-devel
mailing list