If you try to auth with _many_ scopes and you are not already logged into Twitch you get a 502

[BarryCarlyon]

Brief description

If a user is not already logged into twitch and tries to go to a id.twitch token get a 502 instead of redirect to login.

This only occurs if you have more than a certain number of scopes, I've not debugged/traced how many scopes are needed to trip this behaviour

How to reproduce

1. Open an incognito (or log out)
2. Go to this auth link
3. Get a HTTP/nginx 502 instead of a redirect to login

Expected behavior

Redirect to login

Screenshots

Same link, top incognito bottom "regular" already logged in

[thedist]

One thing to note, it does not appear to be directly related to scopes but rather to be the URL length as I can request no scopes and still get a 502 if I include a state param that pushes the URL length to greater than 2,318 characters.

[Xemdo]

Internally ticketed as IDPLAT-7844