[keycloak-user] How to reduce the size of the access/refresh tokens in Keycloak?

Safouan BEN JHA safwen.benjha at gmail.com
Fri May 3 03:04:39 EDT 2019


Hi all,

First of all, sorry if this email is not relevant to you. I am using the
keycloak-user at lists.jboss.org to ask for support as it was the only email I
could find.

I am setting up a Keycloak authentication server to allow authorized users to
access a protected resource (OAuth2.0).

The access will be done from an embedded device that has certain
restrictions. The main restriction is that the access and refresh tokens
cannot be saved if they are longer than 256 characters.

While The OAuth 2.0 Authorization Framework
<https://tools.ietf.org/html/rfc6749> is silent about the token size, all
the identity providers are free to decide about the token size. For
example, Facebook's token is less than 256 bytes, the same for Google. But
for Keycloak, I get a token around 850 bytes! I have tried several
encryption algorithms available in the admin console but I still get a large
JWT token. Decoding that JWT gives the following:

{
  "jti": "d654564qsd-5fqsdf5-4qsdf-8b25qs-b556456",
  "exp": 1556284611,
  "nbf": 0,
  "iat": 1556270211,
  "iss": "http://myadress:myport/auth/realms/myrealm",
  "aud": "myapp",
  "sub": "45464-445645-4b45641e-456456-45645646",
  "typ": "Bearer",
  "azp": "myapp",
  "auth_time": 1556269490,
  "session_state": "cb95519c-0bf8-4b6b-94e4-a10d9000dbd2",
  "acr": "0",
  "allowed-origins": [],
  "realm_access": {
    "roles": [
      "user"
    ]
  },
  "resource_access": {},
  "scope": "readwrite"
}

I am actually not interested at all in the data in the tokens and I am not
parsing it. I just need the token to be able to access the resource. Hence,
is there a way to reduce the size of the token to less than 256? If not,
what is the best result I can get?

Thank you in advance

-- 
Ben Jha Safouan
*Embedded Software Engineer*
*Tel:* (+32) (0)499913560  -  (+32) (0)497053670
*Email: *safwen.benjha at gmail.com
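
A size budget for the token shown in the email, as an added example that is not part of the original message or of Keycloak: it computes the length of each JWS compact-serialization segment for the decoded claims under three signature algorithms and ranks the claims by serialized size. The header contents, the `kid` value and the 2048-bit RSA key size are assumptions.

```python
import json

# Claims copied from the decoded token in the email above.
CLAIMS = {
    "jti": "d654564qsd-5fqsdf5-4qsdf-8b25qs-b556456",
    "exp": 1556284611, "nbf": 0, "iat": 1556270211,
    "iss": "http://myadress:myport/auth/realms/myrealm",
    "aud": "myapp",
    "sub": "45464-445645-4b45641e-456456-45645646",
    "typ": "Bearer", "azp": "myapp", "auth_time": 1556269490,
    "session_state": "cb95519c-0bf8-4b6b-94e4-a10d9000dbd2",
    "acr": "0", "allowed-origins": [],
    "realm_access": {"roles": ["user"]},
    "resource_access": {}, "scope": "readwrite",
}

# Raw signature sizes in bytes. Assumption: RS256 uses a 2048-bit RSA key.
SIG_BYTES = {"HS256": 32, "ES256": 64, "RS256": 256}
LIMIT = 256  # device limit from the email, in characters

def b64url_len(n_bytes):
    """Characters needed for n_bytes in unpadded base64url (JWS encoding)."""
    return (n_bytes * 4 + 2) // 3

def compact(obj):
    """Serialize as compact JSON bytes (no whitespace)."""
    return json.dumps(obj, separators=(",", ":")).encode()

def jwt_parts(claims, alg, kid="constructed-kid"):
    """Character count of the header, payload and signature segments."""
    header = {"alg": alg, "typ": "JWT", "kid": kid}  # kid is a constructed value
    return (b64url_len(len(compact(header))),
            b64url_len(len(compact(claims))),
            b64url_len(SIG_BYTES[alg]))

def jwt_length(claims, alg):
    """Total token length: three segments plus two '.' separators."""
    return sum(jwt_parts(claims, alg)) + 2

def claim_costs(claims):
    """Serialized bytes per claim (key, colon and value), largest first."""
    costs = [(k, len(compact({k: v})) - 2) for k, v in claims.items()]
    return sorted(costs, key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for alg in SIG_BYTES:
        print(alg, jwt_parts(CLAIMS, alg), jwt_length(CLAIMS, alg), "limit", LIMIT)
    for name, cost in claim_costs(CLAIMS)[:5]:
        print(f"{name:15} {cost} bytes")
```

With these inputs the payload segment alone is longer than 256 characters, and an RS256 signature from a 2048-bit key adds 342 characters on top of that.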

