• Resolved Mahfuzul Hasan

    (@mahfuzul)


    Hello,
    We are using the Auth0 plugin to integrate with Auth0. Recently we have got this email (email content added below) from Auth0. Will we be affected by these changes?
    Note: We have checked tenant logs for deprecation notices but did not find any notice yet.
    So, please let us know whether these changes will affect us.

    Email:

    How are you affected?
    
    Access Tokens and Authorization Codes are types of OAuth credentials issued by the Auth0 platform in various flows. In some situations, the Auth0 platform issues a fixed-size opaque Access Token that is an identifier to information in a server’s persistent storage (see the following for more information about opaque access tokens). We are changing this process and will instead issue a self-contained opaque Access Token to remove the need for persistently storing the access tokens to enhance the performance of the Auth0 platform.
    
    If your system relies on the fact that the Access Tokens and/or Authorization Codes are of a fixed size, you will be affected by this change. Please note that if you use our SDKs/quickstarts as a reference point to configure your applications, you are not likely to be affected by this change.
    
    This notice applies to your Auth0 Tenant(s): dev-*****
    
    What action do you need to take?
    
    1. Check tenant logs for deprecation notices. Auth0 has provided deprecation notices in tenant logs for this change. Navigate to Dashboard > Monitoring > Logs and search logs for type:depnote AND description:*authorization* to find deprecation notifications that provide information regarding affected applications that may need to be updated.
    
    Fixed Length of Access Token and Authorization Code Depnote
    
    2. Modify each identified application that relies on fixed-size Access Token and Authorization Code credentials so that those applications will accept the new variable size values.
    
    If you store the Access Token in a cookie, make sure that you do not exceed the limit of the browser and/or your runtime engine (e.g., node.js). We highly recommend that you first try this change in a development environment to ensure this does not break anything for your system.
    
    Once you’ve completed migrating all applicable tenants, tenant logs will no longer show deprecation notices associated with this migration.
    
    3. Verify your migration. Go to your tenant Dashboard Advanced settings (Tenant Settings > Advanced > Migrations) and find the Migrations section. Within that section is a Fixed Length of Access Token & Authorization Code toggle. Turning off this switch disables the deprecated behavior for your tenant, completing your migration.
    
    Fixed Length of Access Token and Authorization Code Flag
    
    You can enable and disable this toggle at will until April 12, 2022. During this time, all already issued credentials will continue to work until they expire, regardless of the state of the toggle.
    
    After the end of the migration window, April 12, 2022, the toggle will be automatically disabled, and the Auth0 platform will exclusively issue the new variable size credentials.
    
    How can you get additional assistance?
    
    We are here to help. Contact us by using the Auth0 Support Center or Auth0 Community.
    
    Useful resources
    
    OAuth specification RFC6749
Viewing 1 replies (of 1 total)
  • I don’t think this plugin is affected by the change. I saw notices in my Auth0 logs, disabled the toggle in the settings, and did not have any problem logging in to WordPress using Auth0 before or after the toggle.

  • The topic ‘Action Required: Authorization Code and Access Token Variable Size’ is closed to new replies.
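
An added example, not part of the Auth0 email or the plugin's code: step 2 of the email asks applications to accept variable-size credentials and to watch cookie limits, so this Node.js sketch puts a fixed-length check beside an opaque one and measures a token cookie against a size budget. The function names, the 32-character legacy length, the 4096-byte budget (the per-cookie minimum in RFC 6265) and the sample values are assumptions made for illustration.

```javascript
// Added example; names and limits are assumptions, not Auth0 or plugin code.
const LEGACY_FIXED_LENGTH = 32;   // hypothetical size an old check might assume
const COOKIE_BUDGET_BYTES = 4096; // RFC 6265 per-cookie minimum, used as a conservative budget

// Before: rejects any credential that is not exactly the assumed size.
function legacyAcceptsCredential(value) {
  const fixed = new RegExp(`^[A-Za-z0-9_-]{${LEGACY_FIXED_LENGTH}}$`);
  return typeof value === 'string' && fixed.test(value);
}

// After: treat the credential as opaque. RFC 6749 Appendix A defines both
// access-token and code as 1*VSCHAR (printable ASCII 0x20-0x7E), with no length.
function acceptsCredential(value) {
  return typeof value === 'string' && /^[\x20-\x7E]+$/.test(value);
}

// Serialize the cookie as it would be sent and measure the whole header value,
// since name, value and attributes all count toward the limit.
function cookieCheck(name, token,
                     attributes = 'Path=/; Secure; HttpOnly; SameSite=Lax') {
  const header = `${name}=${encodeURIComponent(token)}; ${attributes}`;
  const bytes = Buffer.byteLength(header, 'utf8');
  return { bytes, fits: bytes <= COOKIE_BUDGET_BYTES };
}

// Constructed sample values (not real tokens).
const shortToken = 'a'.repeat(32);
const longToken = 'x'.repeat(5000);

for (const [label, token] of [['short', shortToken], ['long', longToken]]) {
  console.log(label, {
    legacy: legacyAcceptsCredential(token),
    opaque: acceptsCredential(token),
    cookie: cookieCheck('session_token', token),
  });
}
```

When the cookie check fails, keeping the token server-side and putting only a session identifier in the cookie avoids the limit altogether.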