A SPA will likely be using the implicit grant which means by default issued tokens are included directly in the URL as part of the fragment component (the part after the #
). Given URL’s are limited in size by browsers the service will error out with an explicit message if the generated token is likely to hit browser limits (the explicit error is better than whatever silent failure you could get from the browser not correctly handling the full URL).
Having said that this logic is unlikely to be an issue unless you’re including vast amounts of information in the issued token. The first thing to make sure is that you’re performing OIDC compliant authentication as that would mean only OIDC standard information is included in the issued ID token and that will significantly decrease the chances of hitting this error. In addition, ensure that if you’re including custom claims in the issued tokens then that the information you’re including is sufficiently small.
Finally, even ensuring the above two points may note address the situation if the issue is caused by a social provider that returns a vast amount of information in one of the OIDC standard fields. In that situation you may need to request scopes that don’t trigger the inclusion of such information in the issued tokens.