OIDC does not specify size limit for these tokens but we are building a OIDC solution that requires to persist these tokens, and I want to not give too much space, so I wanted to know does Okta have size limit for them(I couldn’t find related documents on Okta dev).
For example, Google OIDC has a access token limit of 2048 and refresh token limit of 512.
There isn’t a size limit but you could be limited depending on the flow and browser you’re using. For example, if you’re using the implicit flow with IE11 then the maximum token size would be 8092 bytes.
It is usually recommended to keep the token size small.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.