Open iaggocapitanio1 opened 3 months ago
I totally agree with this
Yes please I am suffering from this too; wouldn't it be as simple as changing token field from CharField to TextField?
@iaggocapitanio1 Feel free to submit a PR, but see below:
@makeevolution since the Access Token is indexed for searching, converting from a CharField of limited length to a TextField blob of indeterminate length may prevent it from being indexed (e.g. with MySQL and possibly other databases) leading to significant performance degradation every time a token is searched for in oauth2_validators.
I seem to recall having a similar discussion (but can't remember where:-) about having a TextField in a model and adding another column which is a short CharField cryptographic checksum of the TextField. Then the search can use the token checksum instead of the token value. Does that make sense?
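The checksum-column idea from the comment above, sketched with the standard library's sqlite3 instead of Django models. This is an added example, not django-oauth-toolkit code; the table, column and function names, and the choice of SHA-256 as the checksum, are assumptions.

```python
import hashlib
import hmac
import sqlite3

def token_checksum(token: str) -> str:
    """Fixed-length (64 hex chars) SHA-256 digest of an arbitrarily long token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def make_store() -> sqlite3.Connection:
    # Hypothetical schema: unbounded token text plus a short, indexed checksum.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE access_token (id INTEGER PRIMARY KEY,"
        " token TEXT NOT NULL,"
        " token_checksum CHAR(64) NOT NULL)"
    )
    db.execute("CREATE UNIQUE INDEX idx_token_checksum ON access_token (token_checksum)")
    return db

def save_token(db: sqlite3.Connection, token: str) -> None:
    db.execute(
        "INSERT INTO access_token (token, token_checksum) VALUES (?, ?)",
        (token, token_checksum(token)),
    )

def find_token(db: sqlite3.Connection, presented: str):
    """Look up by the indexed checksum, then confirm the full value matches."""
    row = db.execute(
        "SELECT id, token FROM access_token WHERE token_checksum = ?",
        (token_checksum(presented),),
    ).fetchone()
    if row is None:
        return None
    # Compare the stored token itself so a match never rests on the digest alone.
    if not hmac.compare_digest(row[1].encode(), presented.encode()):
        return None
    return row[0]

def lookup_plan(db: sqlite3.Connection) -> str:
    """Return SQLite's query plan text for the checksum lookup."""
    rows = db.execute(
        "EXPLAIN QUERY PLAN SELECT id FROM access_token WHERE token_checksum = ?",
        ("x",),
    ).fetchall()
    return " ".join(r[-1] for r in rows)

# Constructed sample: a JWT-shaped string well over 255 characters.
SAMPLE_TOKEN = "eyJhbGciOiJSUzI1NiJ9." + "A" * 600 + ".c2lnbmF0dXJl"
```

The unique index sits on the 64-character checksum, so the token column can grow without affecting lookup cost or running into index key length limits.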
yes it makes sense, I will bring a PR ASAP
@iaggocapitanio1 perhaps you have made progress? Just wondering :)
Problem Description
When using django-oauth-toolkit to issue JWT tokens, the current implementation imposes a 255 character limit on token size. This restriction becomes problematic when adding additional claims to the JWT, such as user roles, permissions, or other user-specific data. For example, including a longer username or additional claims exceeds the limit, causing the application to crash.
Proposed Solution
I propose removing the 255 character limit on tokens. JWT tokens are designed to be extensible and should support a variable length to accommodate different use cases. By removing this limit, django-oauth-toolkit can offer more flexibility in issuing JWTs, making it a more robust solution for modern OAuth 2.0 applications that rely on JWT for extensive user claims.
Example Scenario
Below is an example scenario where the current token size limit is problematic:
In this scenario, if we add more items to the claim or if the username is longer, the token size can easily exceed 255 characters, leading to application failures.
Benefits
Conclusion
Removing the 255 character limit on tokens in django-oauth-toolkit will provide developers with the needed flexibility to use JWTs effectively in their applications. This change will make the toolkit a more adaptable and forward-looking solution for OAuth 2.0 implementations.