Auth0 Access Token Size is 1334 and causing CookieOverflow Exception in Rails 7 Application

My team and I are currently upgrading our Auth0-based SSO application to Rails 7, and the access token coming back is too large to store in the cookie with the other elements. We do have custom claims, and I noticed that Auth0 once had a fixed access token setting that would keep the size of the token down to a minimum. Right now, on redirect the token is 4336 bytes in total with all required data. Of course we need to be underneath 4,000 bytes. What can we do to fix this issue, as it's a blocker for our mandatory upgrades?

If you check the token, is most of it the custom claim? Auth0 won’t be able to do much if this is the case. Can you share an example of a token you have? (without the signature)

Some tips:

  • Try to encode values as much as possible, e.g. reduce long names with abbreviations.
  • If you have a long list of values and they are static, you can use a bitmap to represent them.
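
The bitmap tip above, sketched in Ruby as an added example (not part of the original replies). The permission names and their order are constructed for illustration; the real catalogue and the claim that carries the bitmap are whatever your tenant defines.

```ruby
require "json"

# Constructed, hypothetical permission catalogue. The order is the contract:
# append new entries at the end and never reorder or delete, otherwise
# tokens issued earlier decode to the wrong permissions.
PERMISSIONS = %w[
  reports:read reports:write invoices:read invoices:write
  users:read users:write users:delete settings:read
  settings:write audit:read billing:read billing:write
].freeze
INDEX = PERMISSIONS.each_with_index.to_h.freeze
BYTE_LEN = (PERMISSIONS.size + 7) / 8

# Pack permission names into an unpadded base64url string, one bit per name.
def encode_permissions(names)
  bits = names.reduce(0) do |acc, name|
    acc | (1 << INDEX.fetch(name) { raise ArgumentError, "unknown permission: #{name}" })
  end
  bytes = Array.new(BYTE_LEN) { |i| (bits >> (8 * i)) & 0xff }
  [bytes.pack("C*")].pack("m0").tr("+/", "-_").delete("=")
end

# Expand the bitmap claim back into names. Call this only on a claim taken
# from a token whose signature has already been verified.
def decode_permissions(claim)
  b64 = claim.tr("-_", "+/")
  b64 += "=" * ((4 - b64.size % 4) % 4)
  bytes = b64.unpack1("m0").bytes # strict mode: raises ArgumentError if malformed
  raise ArgumentError, "unexpected bitmap length" unless bytes.size == BYTE_LEN
  bits = bytes.each_with_index.sum { |byte, i| byte << (8 * i) }
  # Fail closed on bits this catalogue does not know about.
  raise ArgumentError, "bits set beyond known catalogue" unless (bits >> PERMISSIONS.size).zero?
  PERMISSIONS.select.with_index { |_, i| bits[i] == 1 }
end

if __FILE__ == $PROGRAM_NAME
  granted = %w[reports:read invoices:read users:read audit:read]
  claim = encode_permissions(granted)
  puts "JSON array claim: #{granted.to_json.bytesize} bytes"
  puts "bitmap claim:     #{claim.bytesize} bytes (#{claim})"
  puts "decoded:          #{decode_permissions(claim).inspect}"
end
```

The same catalogue and ordering have to be used wherever the claim is written into the token and wherever the Rails application reads it.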