Ways to support large number of scopes in OAuth?

ajaynarainmathur · October 30, 2022, 9:22am

Hi team,

As the product grows so does the number of entities, and permissions pool. The scopes are encoded in JWT and the web servers have a limit of 8kb ( going with least as of Node < 14 and default Tomcat limit ). What are some of the ways to bypass this. Are there any established ways to mapping or compressing scopes to avoid hitting the limit?

Thanks,

tyf · November 3, 2022, 11:00pm

Hi there @ajaynarainmathur!

Have you had a chance to look into using RBAC? This might help cut down on scopes/permissions per token by having a collection of permissions under each role.

system · November 22, 2022, 10:57pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Limit for number of scopes per API Help scope , limits	4	9018	August 29, 2019
Missing permission (scope) from the token if the user has more then 53 Help jwt , scopes	2	4489	July 13, 2020
Question in regards to JWT structure and server authorization Help jwt , api	2	3471	July 28, 2019
May I ask how many user roles/groups can be added to a JWT? JWT.io	3	2404	September 4, 2021
Auth0 JWT doesn't have requested API Scopes Help jwt , scopes	10	4416	September 4, 2021

Ways to support large number of scopes in OAuth?

Related topics