auth0 / java-jwt

Java implementation of JSON Web Token (JWT)
MIT License

Token Compression Algorithm #594

Closed whichperson closed 2 years ago

whichperson commented 2 years ago

Describe the problem you'd like to have solved

I have a huge problem where the access token is so long that the server rejects the HTTP requests. I use this library to generate access tokens. These tokens have a large amount of information (e.g. more than 100 user authorities in the form of a string). It is impossible to remove this information to make the token shorter. I'd prefer not to use a different library (like jjwt, which has token compression); this one is actively maintained.

Describe the ideal solution

Add a token compression algorithm. I think this is a simple enough feature to add as existing libraries already have it implemented. I've also noticed other people need it.

Alternatives and current work-arounds

Use a different library. Much appreciated!

Additional information, if any

poovamraj commented 2 years ago

@whichperson The reference you mention seems to be library-specific and not a generic standard. We usually try to keep our features compliant with RFC-7519. Do you have any resources that point to a standardised implementation of this?

whichperson commented 2 years ago

@poovamraj Gzip compression is standard in Java. You can compress/decompress a String with this algorithm. It's in Java's docs https://docs.oracle.com/en/java/javase/18/docs/api/java.base/java/util/zip/GZIPInputStream.html.

poovamraj commented 2 years ago

Hi @whichperson, though Gzip compression is a standard compression algorithm, JWT compression is not part of RFC 7519, which this library follows.

RFC-7516 seems to have a provision for compression but that is for JWE.

Even the library you mentioned seems to call out that it is non-standard and wouldn't be supported by other libraries. I think adding non-standard features would be wise at this point.

What I can suggest, though, is that instead of compressing the token, you can do GZIP compression of all your authorities and then put the result as a claim value. This way your JWT will continue to be compliant with the standards.

We will keep an eye out for this in the standards but I don't see us taking this feature now. So we are closing this issue. Sorry about that.
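The work-around suggested above (compress the authorities list, store the result as a single string claim, leave the token itself standard) as a worked example. This is added illustration, not code from the java-jwt project or from either commenter; it assumes the java-jwt API (JWT.create, withClaim, JWT.require, DecodedJWT), java.util.zip from the JDK, a placeholder HMAC secret, a constructed list of 120 role strings, and a claim name "authz" chosen here. The signature is verified before the claim is inflated, and the inflated size is capped so a crafted token cannot expand into an unbounded amount of memory on the verifying side.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

public class CompressedAuthoritiesClaim {
    // claim name chosen for this example (assumption, not a registered claim)
    private static final String CLAIM = "authz";
    // upper bound on the inflated claim so a decompression bomb in a token is rejected
    private static final int MAX_INFLATED_BYTES = 64 * 1024;

    // join the authorities, gzip them, and base64url-encode so the result is a plain JSON string
    static String compress(List<String> authorities) throws IOException {
        byte[] raw = String.join(",", authorities).getBytes(StandardCharsets.UTF_8);
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (GZIPOutputStream gz = new GZIPOutputStream(bos)) {
            gz.write(raw);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bos.toByteArray());
    }

    // reverse of compress(); only call this on a claim taken from a signature-verified token
    static List<String> decompress(String claimValue) throws IOException {
        byte[] packed = Base64.getUrlDecoder().decode(claimValue);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (GZIPInputStream gz = new GZIPInputStream(new ByteArrayInputStream(packed))) {
            byte[] buf = new byte[4096];
            int n;
            while ((n = gz.read(buf)) > 0) {
                out.write(buf, 0, n);
                if (out.size() > MAX_INFLATED_BYTES) {
                    throw new IOException("inflated authorities claim exceeds " + MAX_INFLATED_BYTES + " bytes");
                }
            }
        }
        String joined = new String(out.toByteArray(), StandardCharsets.UTF_8);
        return Arrays.asList(joined.split(","));
    }

    public static void main(String[] args) throws IOException {
        // constructed sample: many authority strings sharing a long prefix, as described in the issue
        List<String> authorities = new ArrayList<>();
        for (int i = 0; i < 120; i++) {
            authorities.add("ROLE_ORDERS_REGION_" + i + "_READ");
        }

        // placeholder secret; a real deployment loads this from a secret store
        Algorithm alg = Algorithm.HMAC256("replace-with-a-real-secret");

        // issue: the token stays RFC 7519 compliant, only the claim value is compressed
        String token = JWT.create()
                .withIssuer("example-issuer")
                .withClaim(CLAIM, compress(authorities))
                .sign(alg);

        // verify: signature and issuer are checked first, then the claim is inflated
        DecodedJWT jwt = JWT.require(alg).withIssuer("example-issuer").build().verify(token);
        List<String> restored = decompress(jwt.getClaim(CLAIM).asString());

        System.out.println("round trip intact: " + restored.equals(authorities));
        System.out.println("plain joined length: " + String.join(",", authorities).length());
        System.out.println("compressed claim length: " + jwt.getClaim(CLAIM).asString().length());
    }
}
```

Two practical caveats when measuring the gain: the compressed bytes are base64url-encoded once to become a string claim and the whole payload is base64url-encoded again by the JWT format, so the saving is worthwhile for a long, repetitive authorities list like the one in the issue and can be negative for a short one; and any consumer that does not know the claim convention will see only an opaque string, which is exactly the interoperability point raised in the thread.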