
How do you measure the size of a JWT token? It is a long string value.

I would like the token to be less than 7 kb.

(https://medium.com/dataseries/public-claims-and-how-to-validate-a-jwt-1d6c81823826)

(https://stackoverflow.com/questions/26033983/what-is-the-maximum-size-of-jwt-token#:~:text=As%20a%20JWT%20is%20included,of%20room%20for%20other%20headers.)

HelloWorld1

1 Answer


JWT is just 3 base64 strings, concatenated with . characters. So, unless you somehow force it into a wider character set, 1 character = 1 byte.

Total size will be a function of the signing algorithm in use, and the actual payload size. base64 has 3:4 overhead. So, your JWT will always be raw payload size * 1.25, plus signature and header. I usually just think of it as 1.5x overhead, and if you come in smaller that's a bonus.

All that said, 7kb is pretty huge for something meant to be passed in an HTTP header. I don't know what the hard limit is, but practically speaking I like to stay under 1kb, and ideally under a few hundred characters.

superstator
  • I still don't understand about how to measure the size of a token. Please take a look at this link (https://medium.com/dataseries/public-claims-and-how-to-validate-a-jwt-1d6c81823826) and you will find a long string value – HelloWorld1 Dec 17 '20 at 17:38
  • It's just a string. 1 character = 1 byte, unless you're doing something weird like using utf16 or utf32 over HTTP – superstator Dec 17 '20 at 17:39
  • Thank you for your help! – HelloWorld1 Dec 17 '20 at 20:35
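
One way to measure a token as the answer above describes, shown as an added example that is not part of the original thread: it counts the bytes of each dot-separated segment and checks the total against the 7 KB figure from the question. The function names, demo key and claims are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> bytes:
    """Base64url without '=' padding, as used in the compact JWT form."""
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def make_hs256_jwt(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT with the standard library only."""
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = b64url(compact({"alg": "HS256", "typ": "JWT"})) + b"." + b64url(compact(claims))
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return (signing_input + b"." + b64url(sig)).decode("ascii")

def jwt_size_report(token: str, budget_bytes: int = 7 * 1024) -> dict:
    """Measure the token in bytes as sent over HTTP, segment by segment."""
    wire = token.encode("utf-8")  # count bytes on the wire, not characters
    parts = wire.split(b".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header, payload, signature = parts
    raw_payload = base64.urlsafe_b64decode(payload + b"=" * (-len(payload) % 4))
    return {
        "total_bytes": len(wire),
        "header_bytes": len(header),
        "payload_bytes": len(payload),
        "raw_payload_bytes": len(raw_payload),
        "signature_bytes": len(signature),
        # size of the full header line when sent as a bearer token
        "authorization_line_bytes": len(b"Authorization: Bearer ") + len(wire),
        "within_budget": len(wire) <= budget_bytes,
    }

# Constructed sample inputs (not from the original thread).
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
SMALL_CLAIMS = {"sub": "user-123", "iss": "https://issuer.example", "exp": 1700000000}
LARGE_CLAIMS = dict(SMALL_CLAIMS, groups=["group-%04d" % i for i in range(1000)])

if __name__ == "__main__":
    for name, claims in (("small", SMALL_CLAIMS), ("large", LARGE_CLAIMS)):
        print(name, jwt_size_report(make_hs256_jwt(claims, DEMO_KEY)))
```

Running the report on a token from the real issuer shows which segment dominates; in the constructed large case it is the `groups` claim in the payload, not the header or signature.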