Hello d d,
Thank you for posting your query here!
The exact maximum length of Access and Refresh tokens in Azure Active Directory B2C is not explicitly specified in the official documentation. However, it’s important to note that these tokens are JSON Web Tokens (JWTs) and can vary in size based on the number of claims and other information they contain.
In general, it’s recommended to be prepared to handle tokens up to 2KB in size in your applications. This is not a strict limit but a suggested size to ensure your application can handle tokens of varying sizes.
As for the lifetimes of Access tokens in Azure Active Directory B2C:
The lifetime of the OAuth 2.0 bearer token and ID tokens is configurable. The default is 60 minutes (1 hour). The minimum (inclusive) is 5 minutes. The maximum (inclusive) is 1,440 minutes (24 hours).
Similarly, In Azure Active Directory B2C, the lifetime of a Refresh Token is as follows:
The maximum time period before which a refresh token can be used to acquire a new access token, if your application had been granted the offline_access scope, is 90 days. The default is 14 days. The minimum (inclusive) is one day.
Similar queries for reference: https://learn.microsoft.com/en-us/answers/questions/1631489/what-are-the-maximum-token-lengths-for-access-and
https://learn.microsoft.com/en-us/answers/questions/501381/what-is-length-of-the-refresh-token
I hope this helps! Please let me know if the issue persists or if you have any other questions.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.