With new support for larger tokens, use the OAuth 2.0 token exchange flow with a wider range of third-party identity providers. When you send third-party tokens to Salesforce in the subject_token parameter, the value can be up to 10,000 characters long. Previously, the maximum length for values in this parameter was 2,000 characters.
Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.
How: With the token exchange flow, you configure an app to exchange a token issued by an identity provider for a Salesforce token. To initiate this exchange, your app sends a POST request to the /services/oauth2/token endpoint. The request includes the provider’s token in the subject_token parameter.
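The request described above can be checked before it is sent. The following is an added example, not Salesforce code: it classifies a provider token against the 10,000 and 2,000 character limits and builds (without sending) the POST to /services/oauth2/token. The grant_type and subject_token_type values come from RFC 8693 and are assumptions here, as are the helper names and the placeholder host; the limit is assumed to apply to the raw token value before URL encoding.

```python
from urllib.parse import urlencode
from urllib.request import Request

MAX_SUBJECT_TOKEN_CHARS = 10_000   # current limit stated on this page
PREVIOUS_MAX_CHARS = 2_000         # earlier limit stated on this page
TOKEN_PATH = "/services/oauth2/token"  # endpoint named on this page
# Assumption: standard RFC 8693 identifiers; the page does not list them.
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt"


def classify_subject_token(token: str) -> str:
    """Classify a provider token by the length of its raw (unencoded) value."""
    n = len(token)
    if n == 0:
        return "empty"
    if n > MAX_SUBJECT_TOKEN_CHARS:
        return "too_long"
    if n > PREVIOUS_MAX_CHARS:
        # Fits only where the larger limit is in effect.
        return "needs_new_limit"
    return "ok"


def build_exchange_request(instance_url, subject_token,
                           subject_token_type=JWT_TOKEN_TYPE,
                           extra_params=None) -> Request:
    """Build the token exchange POST; the caller decides when to send it."""
    status = classify_subject_token(subject_token)
    if status in ("empty", "too_long"):
        raise ValueError(f"subject_token rejected before sending: {status}")
    if not instance_url.startswith("https://"):
        # Tokens are bearer credentials; never put them on a cleartext channel.
        raise ValueError("token endpoint must be reached over HTTPS")
    form = {
        "grant_type": GRANT_TYPE,
        "subject_token": subject_token,
        "subject_token_type": subject_token_type,
    }
    # Whatever else your app's configuration requires (hypothetical hook).
    form.update(extra_params or {})
    return Request(
        instance_url.rstrip("/") + TOKEN_PATH,
        data=urlencode(form).encode("ascii"),
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
```

Logging the classification, never the token itself, shows which providers issue tokens that depend on the larger limit.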