What are the data storage limits for an HMAC-512 Guardian JWT token and a Phoenix token?

How much custom data can be put into a token (like: user_id, IP address, browser agent data)? Is it measured in number of characters?

1 Like

They don’t really have any limits per se.

However, where you store them might have limits. So if you put them in a webpage, there is no real limit; if you put them in a database, it depends on the binary field size (if sized); if you put it in a cookie, then you have a rather small limit. So if you put it in a cookie, you’d definitely want Phoenix.Token if possible: the overhead of the other JWT fields makes JWT quite a bit larger than Phoenix.Token, but if space is not a concern then it does not matter.

The size they generate can be a bit random considering you will usually encrypt both, or at the very least sign them. Storing just a user id, ip address, and the browser agent in a Phoenix.Token should be fine if the browser agent is not too big (browsers can make them rather huge at times).

3 Likes
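Added example, not part of the original thread and not Guardian's or Phoenix's code: a standard-library Python sketch that builds an HS512-signed JWT in compact form from the three fields mentioned above and checks its length against the 4096 bytes per cookie that RFC 6265 asks browsers to support. The key, the claim names (`user_id`, `ip`, `ua`), the cookie name and the sample values are constructed for illustration; a real token also carries registered claims, so it will be somewhat larger.

```python
import base64
import hashlib
import hmac
import json

COOKIE_BUDGET = 4096  # bytes per cookie (name + value + attributes), per RFC 6265


def b64url(raw: bytes) -> str:
    """Base64url without padding, as used by JWT compact serialization."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign_hs512(claims: dict, key: bytes) -> str:
    """Return header.payload.signature, signed with HMAC-SHA512."""
    header = {"alg": "HS512", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode("utf-8"))
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha512).digest()
    return signing_input + "." + b64url(sig)


def verify_hs512(token: str, key: bytes) -> dict:
    """Check the signature in constant time, then decode the claims."""
    signing_input, _, sig = token.rpartition(".")
    expected = b64url(hmac.new(key, signing_input.encode("ascii"), hashlib.sha512).digest())
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    payload = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def fits_in_cookie(token: str, cookie_name: str = "token") -> bool:
    # Name, "=" and value must fit; attributes (Path, HttpOnly, ...) use budget too.
    return len(cookie_name) + 1 + len(token) <= COOKIE_BUDGET


def report(user_agent: str, key: bytes = b"constructed-demo-key"):
    """Return (token length in characters, whether it fits the cookie budget)."""
    claims = {"user_id": 42, "ip": "203.0.113.7", "ua": user_agent}  # constructed values
    token = sign_hs512(claims, key)
    return len(token), fits_in_cookie(token)


if __name__ == "__main__":
    typical_ua = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36"
    print("typical UA:", report(typical_ua))
    print("4000-char UA:", report("A" * 4000))
```

The header and signature cost a fixed 36 + 86 characters plus two dots; everything else is the claims, inflated by about a third by base64url, which is why the browser agent string dominates the size.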

I meant the token itself, how much data it can store. I understand from your answer that the token string itself gets longer the more data is kept inside it. Logical. I thought there is some upper limit for how long an encrypted token string can be.

1 Like

Probably the available memory would be your hard limit. ^.^;

1 Like

Oh, I forgot about it 🙂 Won’t reach those limits, for sure …

2 Likes

The original JWT RFC (https://tools.ietf.org/html/rfc7519) doesn’t indicate any max size. Moreover, glancing over the guardian JWT implementation didn’t overtly show any size constraints.

3 Likes