Access token compression

The Connect2id server can compress the claims (clm) field of self-contained (JWT-encoded) access tokens.

Token size can matter in IE browsers, which impose a 2000 character URL limit, but this is a problem only with the implicit OAuth grant, where the token is returned in the redirect URL. Clients using the authorisation code grant are not affected.

Smaller tokens should also be more efficient to pass around.

A large space saving can be achieved by compressing the claims (clm) field of tokens, which lists the names of the OpenID claims to release at the UserInfo endpoint. The Connect2id server uses a simple dictionary to compress common claim names into a tight bit set:

WEB-INF/claimsCompression.properties

The shipped compression dictionary lists the standard OpenID claim names:

0  = sub
1  = email
2  = email_verified
3  = phone_number
4  = phone_number_verified
5  = name
6  = family_name
7  = given_name
8  = middle_name
9  = nickname
10 = preferred_username
11 = profile
12 = picture
13 = website
14 = gender
15 = birthdate
16 = zoneinfo
17 = locale
18 = updated_at
19 = address

Just how efficient is compression?

To illustrate, an array consisting of all claim names listed above is compressed to the following bit set: "!__8P" (Base-64 encoded). This is 2% of the original size.

A claim can be added to the dictionary by simply listing its name and providing it with a unique index number. Don't worry, claim names that are not in the dictionary will still be included in the access token, but will not be compressed.

If you're not using a particular claim at all, you may delete it from the list. Just make sure there are no gaps in the index.

For maximum compression, frequently requested claim names must be listed first. Rarely used claims should be towards the bottom (larger index number).
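The dictionary rules above (unique index numbers, no gaps, unlisted names passed through uncompressed, frequent claims first) can be seen in the following added example, which is not Connect2id code. The function names, the little-endian bit layout and the base64url encoding are assumptions made for illustration, so its output will not match the server's own encoding.

```python
import base64

# Constructed sample in the "index = name" format of claimsCompression.properties
SAMPLE_DICT = "\n".join(f"{i} = {n}" for i, n in enumerate([
    "sub", "email", "email_verified", "phone_number", "phone_number_verified",
    "name", "family_name", "given_name", "middle_name", "nickname"]))

def load_dictionary(text):
    """Parse the dictionary; reject duplicates and gaps in the index."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, name = line.partition("=")
        index, name = int(key.strip()), name.strip()
        if index in entries or name in entries.values():
            raise ValueError(f"duplicate entry: {line}")
        entries[index] = name
    if sorted(entries) != list(range(len(entries))):
        raise ValueError("index numbers must run from 0 without gaps")
    return {name: index for index, name in entries.items()}

def compress(claims, name_to_index):
    """Return (base64url bit set, claim names left uncompressed)."""
    bits, rest = 0, []
    for claim in claims:
        if claim in name_to_index:
            bits |= 1 << name_to_index[claim]   # one bit per dictionary entry
        else:
            rest.append(claim)                  # unknown names travel as-is
    # Assumed layout: little-endian bytes, so low indexes give shorter output
    raw = bits.to_bytes((bits.bit_length() + 7) // 8, "little")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode(), rest

def decompress(encoded, rest, name_to_index):
    """Inverse of compress(); fails on bits the dictionary does not define."""
    raw = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    bits = int.from_bytes(raw, "little")
    if bits >> len(name_to_index):
        raise ValueError("bit set references an index missing from the dictionary")
    by_index = sorted(name_to_index, key=name_to_index.get)
    return [n for i, n in enumerate(by_index) if bits >> i & 1] + rest

if __name__ == "__main__":
    d = load_dictionary(SAMPLE_DICT)
    print(compress(["sub", "email", "custom_claim"], d))  # dictionary hit + miss
    print(compress(["nickname"], d))                      # high index, longer bit set
```

In this sketch the decoder rejects a bit set that points past the end of the dictionary, so a token encoded against a longer dictionary fails loudly instead of silently losing claims.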

Should you need assistance, get in touch with Connect2id support.