[openid-specs-rande] 2kb useable limit?

Mischa Salle msalle at nikhef.nl
Thu May 23 16:45:56 UTC 2019 

Hi,

just to forward what I also wrote on the WLCG AuthZ WG mailing list:

> just a small note on the token size, also keep in mind that they are
> (typically) transported as JWT with signature and header and that you
> can remove some whitespace. All kinds of things that might influence the
> size. The size limitation might have to do with their use as bearer
> tokens, meaning they're (often) put in a Authorization header, see the
> OAuth2 bearer token RFC https://tools.ietf.org/html/rfc6750
> which might or might not be such a good idea...

headers have no strict maximum size, but are often limited to 4kB or
8kB in webservers (although usually can also be increased).

Where did you get the 2k limitation?

Cheers,
Mischa



On Thu, May 23, 2019 at 04:36:10PM +0000, Nick Roy wrote:
> I found this thread, may be useful:
> 
> https://stackoverflow.com/questions/26033983/what-is-the-maximum-size-of-jwt-token
> 
> Nick
> 
> On 23 May 2019, at 9:41, Hannah Short wrote:
> 
> > Hi everyone,
> >
> > I'm wondering whether anyone can clarify why there is a recommended limit
> > of 2kb for OIDC tokens? Is this a limitation in a common library, or a
> > length restriction of HTTP Headers, for example?
> >
> > Cheers,
> > Hannah
> > -- 
> > openid-specs-rande mailing list
> > openid-specs-rande at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-rande



> -- 
> openid-specs-rande mailing list
> openid-specs-rande at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-rande


-- 
Nikhef                      Room  H155
Science Park 105            Tel.  +31-20-592 5102
1098 XG Amsterdam           Fax   +31-20-592 5155
The Netherlands             Email msalle at nikhef.nl
  __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-rande/attachments/20190523/3eee9615/attachment.asc>

More information about the openid-specs-rande mailing list