authlib icon indicating copy to clipboard operation
authlib copied to clipboard
verified publisher icon lepture

length of sqla OAuth2TokenMixin tokens defined as too small

Open sistason opened this issue 2 months ago • 2 comments

I am using Authlib (1.6.5) with Flask (3.1.2) and SQLAlchemy (2.0.43), extending the provided sqla_mixins.

When migrating to a database backend respecting the string maxlength (e.g. migrating from sqlite to postgres) I noticed that both access_token and refresh_token of authlib.integrations.sqla_oauth2.Oauth2TokenMixin (https://github.com/authlib/authlib/blob/main/authlib/integrations/sqla_oauth2/tokens_mixins.py#L51) are defined as String(255). But my tokens are around 1000 bytes long, breaking the migration attempt.

As there is no actual maximal length for tokens (afaik), shouldn't this be of type Text()? I can locally overwrite the token-types in my code, but wanted to report this as a problem for everyone using sqlalchemy.

sistason avatar Oct 24 '25 14:10 sistason

It is a mixin, you can rewrite the field yourself.

lepture avatar Oct 25 '25 15:10 lepture

Yes it is, but isn't the limit of 255 for the access_token too small for all use cases, e.g. not a good default value for a mixin, if everyone needs to update it?

If its not, this is a non-issue and lets close it, just wanted to ensure this gets a decision from upstream on whether the 255-default for the mixin is still good.

sistason avatar Oct 26 '25 10:10 sistason