question

Max Horstmann avatar image
Max Horstmann asked

OAuth "state" parameter too long, can it be shortened?

Setting up account linking for a new Alexa skill, I'm noticing that the initial OAuth request from Amazon's server to my configured "Authorization URL" is of the following format:

https://myAuthorizationUrl? 
client_id=myClientId 
&response_type=code
&redirect_uri=https%3A%2F%2Fpitangui.amazon.com%2Fapi%2Fskill%2Flink%2FMB1U3Y9GPTDCQ 
&state=eyJfkjsfkjhsdkhj...

where the actual value of the "state" query parameter is quite long. 1315 characters long, to be precise.

Any chance the value of this parameter could be shortened a bit? At least to something like 800 chars or less?

The total length of the URL is causing all sorts of problems on my end, in particular for users which aren't signed in (which requires another redirect with additional "returnUrl" parameter, resulting in an even longer URL).

alexa skills kitaccount linking
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Brian@Amazon avatar image
Brian@Amazon answered

Thanks everyone for showing interest. We've deployed a change which should significantly decrease state length. Let us know if you're still facing issues.

12 comments
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

No way to integrate Dropbox for instance as they expect the 'state' to be up to 500 bytes...

1 Like 1 ·

I'm facing the same issue of a state parameter that is too long. The state I get is 566 characters long and the error says "exceeded the limit of column state(CHAR(256)". Help would be appreciated.

0 Likes 0 ·

I'll pass this along to the product team.

0 Likes 0 ·

Guys, could it be shortened to 500 please? It is a real showstopper for Dropbox integration.

0 Likes 0 ·
Brian@Amazon avatar image Brian@Amazon ♦ newuser-51e9809b-1d70-43b4-b6ab-d88b2fca9a4a ·

I'll pass this along to the product team, thanks for the feedback.

0 Likes 0 ·

(OP here) problem is now fixed on our end, thanks!

0 Likes 0 ·

This hasn't changed for me (in the UK). My state string is still just under 1300 characters long. Has this fix not yet been deployed to all regions?

0 Likes 0 ·
Brian@Amazon avatar image Brian@Amazon ♦ newuser-59559a84-7603-4648-bb15-c20b339284f6 ·

The change has only been made for custom skills, so smarthome skills may still be impacted.

0 Likes 0 ·

well, in DE this is still an issue - dropbox account linking requires the state to be less than 500 in length, and i got 609, which means no account linking hence no skill, and i am talking about a custom skill.

1 Like 1 ·
Show more comments
Show more comments
Brian@Amazon avatar image
Brian@Amazon answered

Hi, I've passed this along to the dev team

2 comments
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Brian@Amazon would love to see this get resolved. We've been blocked by this issue for the last 2 weeks. As a result of the state variable being too large (we're geting 1315 characters), we're going passed the 2,048 character limit on an HTTP GET Request as we need to re-include back in the redirect_uri

1 Like 1 ·

Thanks @Brian@Amazon! Would be great to see this getting resolved.

0 Likes 0 ·
Brian@Amazon avatar image
Brian@Amazon answered

We're working towards resolving this issue.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Brian@Amazon avatar image
Brian@Amazon answered

It has now been shortened significantly.

1 comment
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Can you please announce when this fix is going to be deployed?

I am still getting a state that is over 1000 characters long.

0 Likes 0 ·
Max Horstmann avatar image
Max Horstmann answered
@Brian@Amazon

no dice, unfortunately. Still getting the long URL. Did the fix get deployed already?

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

talha9 avatar image
talha9 answered

@Brian@Amazon no dice as well. Just reproduced the issue on multiple platforms

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

KevinJ avatar image
KevinJ answered

Yeah, I'm getting a 1315 assigned 'state' value in a AWS generated Authenticated URL, and the OAuth server I'm hitting as a maximum restriction of 500 characters accepted for that key.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

talha9 avatar image
talha9 answered
@Brian@Amazon

Any plans to push this back to the devs? Your comment on July 12th at 4:59 PM has not resolved the issue. Adding this as an "answer" as I'm also unable to add a comment underneath your answer.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Noah avatar image
Noah answered

@Brian@Amazon, @talha9 not 100% right thread, but yeah the "Add a comment" button is broken for me to, I can only reply to threads, not people.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Brian@Amazon avatar image
Brian@Amazon answered

Further investigating with dev team.

Edit: Thanks to everyone for letting us know this is an issue. We are still working on resolving this issue.

3 comments
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

@Brian@Amazon any update on this?

0 Likes 0 ·

@Brian@Amazon This is still blocking us. Any thoughts when the fix will be rolled out?

0 Likes 0 ·

@Brian@Amazon Any update on this?

0 Likes 0 ·