I've also posted this topic as a question, but I'm not getting an answer so I'm suggesting.
According to the oauth2.0 documentation(https://datatracker.ietf.org/doc/html/rfc6749), there is a sentence as follow:
"The authorization server SHOULD document the size of any value it issues."
I hope the Bitbucket OAuth documentation also mentions size of any value.