Client tokens are limited to 64 bytes

[shekharhimanshu]

While integrating device shadow in my application, I was hit with a rather unknown error today, {"code":400,"message":"invalid client token"}. After investigating a bit, found similar issue reported inside python sdk, aws/aws-iot-device-sdk-python#28

How to reproduce?

• Set Shadow's client_token_prefix to be more than 64 bytes in length here or use a thing name which is more than 64 bytes in length. (Max length for thing name is 128 bytes. See, AWS Limits).
• Rebuild the ShadowDelta sample.
• Run it. (Update request should get rejected with invalid client token error response.)

As mentioned inside the python issue, I was able to confirm that the limit seems to be 64 bytes with try and error. Since this SDK uses thing name (with max length of 128 bytes) as the default for client token, 64 bytes limit for client tokens is rather easy to hit.

I would request the following:

• Update the documentation with client token size limit.
• Validate the received client tokens for size before using it inside the Shadow client.
• Do not use thing name as the default for client tokens since their max sizes do not match.

[vareddy-zz]

Hi @shekharhimanshu,
Thanks for pointing this out. We are internally tracking this issue and we will evaluate the best way to either validate the received client token or not use the thing name by default in the sample. I will keep this issue open till we have a fix for this.
We will update the documentation to explicitly state the 64 byte limit on the client token.
Thanks!
Varun

[vareddy-zz]

Hi @shekharhimanshu,
The cloud side documentation has been updated here and we have updated the README. We decided it's best to state the limitation instead of putting error checks in the code itself. Hence I will resolve this issue.
Thanks!
Varun