Share via

AADSTS90015: Requested query string is too long.

gefisouza gefisouza 10 Reputation points
2026-03-18T13:42:19.5066667+00:00

Can someone helping me, with this issue ?

Thanks !!

Azure Databricks
Azure Databricks

An Apache Spark-based analytics platform optimized for Azure.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SAI JAGADEESH KUDIPUDI 1,600 Reputation points Microsoft External Staff Moderator
    2026-03-20T18:24:45.0366667+00:00

    Hi gefisouza gefisouza,
    We are aware that several users are encountering the AADSTS90015 (Requested query string too long) error when attempting to sign in to Azure Databricks.

    From the observed behavior—such as intermittent login success, impact across multiple tenants, and session drops—this indicates a service-side authentication issue involving Microsoft Entra ID and the Databricks sign-in flow, rather than a misconfiguration within individual workspaces.

    As interim mitigation, you may try the following:

    Access the workspace using its direct workspace URL instead of regional links or saved bookmarks

    Clear browser cache and cookies, or use an Incognito/Private browsing session

    Ensure only one account session is active during sign-in

    Test with a different browser to rule out session-related inconsistencies

    If the issue persists, collect the Request ID, Correlation ID, and Timestamp from the error page and share them when contacting support. These details will assist the service team in analyzing the backend authentication flow.

    We are actively tracking similar occurrences and will provide updates as more information becomes available.

    Thank you for your understanding.

  2. Q&A Assist
    2026-03-18T13:42:43.5533333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The error AADSTS90015: Requested query string is too long indicates that the URL (including its query string) being sent to Azure AD is exceeding supported limits. In Azure scenarios this typically happens when too much data is packed into query parameters (for example, very large tokens, state parameters, or claims), often during authentication or negotiation flows.

    In the provided context, a closely related case is Azure SignalR where access tokens or headers become too large and hit protocol limits:

    • For HTTP/2, a single header is limited to 4 KB.
    • For HTTP/1.1, the max URI length is about 12 KB and max header length about 16 KB.
    • When the generated access token exceeds 4 KB, /negotiate can return 413 Payload Too Large.

    The same underlying issue (too much data in query string or headers) can cause AADSTS90015 when Azure AD receives an overly long URL.

    To mitigate in an Azure Databricks/Azure AD scenario, apply the same principles used for Azure SignalR:

    1. Reduce token/claim size
      • Ensure that only necessary claims are included in tokens used for authentication.
      • If using a custom claims provider or similar mechanism, filter out non-essential claims before they are sent to Azure AD or downstream services.
      Example pattern from Azure SignalR (conceptually similar for any service that builds tokens): 
         services.AddSignalR()
           .AddAzureSignalR(options =>
               {
                   // pick up necessary claims only
                   options.ClaimsProvider = context => context.User.Claims.Where(...);
               });
    2. Avoid putting large data in query parameters
      • Do not encode large payloads (e.g., long state objects, serialized data, or large tokens) into the query string.
      • Prefer using cookies, POST bodies, or server-side state where supported by the authentication library or framework.
    3. Check custom redirects and state parameters
      • If Databricks or a custom app is constructing the Azure AD sign-in URL manually, verify that:
        • state or nonce parameters are small.
        • No unnecessary data is appended to the URL.
    4. Review any intermediate services
      • If there is a reverse proxy, gateway, or custom auth layer in front of Azure Databricks, confirm it is not expanding the URL (for example, by appending large headers or query parameters during redirects).
    5. If using libraries/SDKs
      • Ensure the latest versions of Azure AD / MSAL libraries are used, as they handle URL construction and token transport more efficiently and within limits.

    If the error occurs during a specific operation (for example, opening a workspace, running a job, or accessing a particular URL), capture the failing URL (without sensitive data) and look for unusually long query parameters or tokens; then reduce or reconfigure those as described above.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.