
The generated token is too large


#1

Currently I have integrated Auth0 into an SPA using Database Password provider and things are working fine. I just added a social provider and when I try to log in I am getting the below error.

error=invalid_request
error_description=The generated token is too large. Try with more specific scopes.

Can somebody please help?


#2

A SPA will likely be using the implicit grant, which means by default issued tokens are included directly in the URL as part of the fragment component (the part after the #). Given URLs are limited in size by browsers, the service will error out with an explicit message if the generated token is likely to hit browser limits (the explicit error is better than whatever silent failure you could get from the browser not correctly handling the full URL).

Having said that, this logic is unlikely to be an issue unless you’re including vast amounts of information in the issued token. The first thing to make sure is that you’re performing OIDC compliant authentication, as that would mean only OIDC standard information is included in the issued ID token and that will significantly decrease the chances of hitting this error. In addition, if you’re including custom claims in the issued tokens, ensure that the information you’re including is sufficiently small.

Finally, even ensuring the above two points may not address the situation if the issue is caused by a social provider that returns a vast amount of information in one of the OIDC standard fields. In that situation you may need to request scopes that don’t trigger the inclusion of such information in the issued tokens.


#3

Hello jmangelo,

Your article was most informative. Thank you.

I’ve been struggling with this issue for months. Eventually I managed to catch a screenshot of the actual error message before it disappeared from my URL bar. 🙂

I’m using Facebook as a social provider. Which used to work beautifully…until it didn’t 🙂

Could you please point me in the right direction here? Is this done through Facebook themselves, or is it an Auth0 setting?

Any pointers will be greatly appreciated. You’re already a life saver.

Ian Watson


#4

Hello jmangelo,

Ohhhhh, I see. Thank you.

After fiddling a bit, I realised that one limits the scope in the options of the lock widget.

I used:

auth: {
    responseType: 'token',
    params: {
        scope: 'openid'
    }
}

And my problem is solved.

Regards,

Ian Watson
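
An added example, not part of the original thread and not Auth0's code: a Node.js diagnostic that shows which claim makes an ID token too large for the URL fragment, the situation reply #2 describes and the reduced scope in reply #4 avoids. The function names, the 2000-character budget, the sample claim names and the `example.test` values are all assumptions constructed for illustration.

```javascript
// Added example, not code from the thread. Runs on Node.js (Buffer, URLSearchParams).
// Decodes a compact JWT payload WITHOUT verifying it: size diagnostics only,
// never a basis for trusting the claims.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Serialized size of each claim, largest first.
function claimSizes(jwt) {
  return Object.entries(decodePayload(jwt))
    .map(([name, value]) => ({
      name,
      bytes: Buffer.byteLength(JSON.stringify({ [name]: value })) - 2, // minus {}
    }))
    .sort((a, b) => b.bytes - a.bytes);
}

// Length of the URL fragment an implicit-grant redirect would carry.
function fragmentLength(idToken) {
  const params = { id_token: idToken, token_type: 'Bearer', state: 'constructed-state' };
  return new URLSearchParams(params).toString().length + 1; // +1 for '#'
}

// budget is an assumed figure chosen by the caller, not a documented Auth0 limit.
function audit(idToken, budget) {
  const length = fragmentLength(idToken);
  return { length, overBudget: length > budget, largest: claimSizes(idToken)[0] };
}

// Constructed sample tokens: placeholder signature, example.test values.
function makeToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(payload), 'constructed-signature'].join('.');
}

const base = { iss: 'https://tenant.example.test/', sub: 'facebook|0000', aud: 'client-id',
  iat: 1500000000, exp: 1500036000 };
const leanToken = makeToken(base);
const bloatedToken = makeToken({ ...base,
  'https://example.test/contacts': Array.from({ length: 400 }, (_, i) => `contact-${i}`) });

const BUDGET = 2000; // assumed budget in characters
console.log('lean   ', audit(leanToken, BUDGET));
console.log('bloated', audit(bloatedToken, BUDGET));
```

Run against a real token captured from your own tenant, the `largest` entry names the claim to drop from custom claims or to exclude by narrowing the requested scopes.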