SPIFFE: SPIFFE ID length not checked against 2048-byte limit

## Summary

The SPIFFE specification §2.3 requires that a SPIFFE ID SHOULD NOT exceed 2048 bytes. ZeroID does not enforce this limit; a sufficiently long \`external_id\` or other path component could produce a SPIFFE ID longer than 2048 bytes, which is invalid per spec and may cause interoperability failures with conformant validators.

## Location

SPIFFE URI construction — wherever the final \`spiffe://...\` string is assembled before storage or embedding in a JWT.

## Fix

After assembling the full SPIFFE URI string, check \`len([]byte(uri)) <= 2048\` and return an error if exceeded.

## Reference

- [SPIFFE spec §2.3](https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE.md#24-maximum-spiffe-id-length): "A SPIFFE ID … MUST NOT exceed 2048 bytes"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SPIFFE: SPIFFE ID length not checked against 2048-byte limit #48

Summary

Location

Fix

Reference

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

SPIFFE: SPIFFE ID length not checked against 2048-byte limit #48

Description

Summary

Location

Fix

Reference

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions