I am finding the size of the token returned from Keycloak is too large to
use as a bearer Authorization header when making subsequent API requests
from my application via our Node.js Express server.
This happens after I add many roles to the user account I am using. When
removing enough roles, eventually the size of the header is allowed
through.
Is it possible to not include user roles in the token issued to a user when
authenticating?
I could then retrieve the user's roles after logging in to our application
through some other means, e.g. the userinfo endpoint?
Thanks