A client application that is authenticating with my system for SoF tests, is providing a “state” value in its authorization request that is too long for my system to handle. Currently my system can accept a state value up to 100 characters (this is the maximum size that the database table column currently handle for this value). In this case, it appears that the state value being provided by the client app is 124 characters long.
My question is, what is a best practice “state value”. Is there a length that is recommended?
This seems like an OAuth question rather than a FHIR question?