I’m working with a legacy system that requires a JWT that contains some app_data (contained in the id_token) by using the “openid profile” scopes. I’m using auth0.js. My issue is that I’m having the error
The generated token is too large. Try with more specific scopes.. This works when I use server-side authentication.
I understand the length limitation. I first thought I’d simply disable this limit for my specific use case, but I didn’t find any way to do so. So my second and better idea was to first get a normal “access_token” using only the “openid” scope, and then get the “id_token” from Auth0’s API. Similar to how I get the same information using “/userinfo”.
Is there any way I can get a full id_token, like the one I would get if I used the scopes openid and profile, when I already have an access_token?
If not, is there any alternative? I understand it would be better if all the involved servers did not need the full id_token, but for now that’s what I have to work with.