Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: Maximum response size for Client Metadata Documents #14

Merged
merged 2 commits into from
Jul 8, 2024

Conversation

ThisIsMissEm
Copy link
Contributor

I did some research through other OAuth related specifications and couldn't find any similar language. I'm unsure if we should set an absolute maximum, but I think a recommendation of 5 kilobytes is probably sufficient for almost all use cases.

I think typically these documents are under 1kb in size.

Resolves #9

@ThisIsMissEm ThisIsMissEm requested a review from aaronpk as a code owner July 5, 2024 18:29
@ThisIsMissEm
Copy link
Contributor Author

ThisIsMissEm commented Jul 5, 2024

One thing that may drive up the size of a client metadata document is full localisation of localisable properties in the document, given that the IANA language subtag registry includes several thousand languages: https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry

So maybe this limitation would actually be problematic, and we should just suggest something less than X megabytes, instead of kilobytes?

Although, I don't think I've ever seen localisation used in practice.

@aaronpk
Copy link
Owner

aaronpk commented Jul 8, 2024

The other option for localization is to use a different client ID per language, https://example.com/id/en https://example.com/id/de etc.

This is good enough for now , we can always change it later if we get more feedback.

@aaronpk aaronpk merged commit 55b78ea into aaronpk:main Jul 8, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add a recommendation to set a max size for the expected HTTP response when fetching client metadata
2 participants