Skip to content
Connect2id

Access token compression

To make self-contained (JWT) access tokens smaller and more efficient to pass around, the Connect2id server can compress their clm field, which lists the names of the OpenID claims for release at the UserInfo endpoint.

Compression is based on a simple dictionary algorithm. The Connect2id server determines which claim names to compress from a properties file that contains a numbered list of the claims:

WEB-INF/claimsCompression.properties

The shipped default configuration lists all standard OpenID claim names:

0  = sub
1  = email
2  = email_verified
3  = phone_number
4  = phone_number_verified
5  = name
6  = family_name
7  = given_name
8  = middle_name
9  = nickname
10 = preferred_username
11 = profile
12 = picture
13 = website
14 = gender
15 = birthdate
16 = zoneinfo
17 = locale
18 = updated_at
19 = address

To add a new claim name to the compression list, simply give it a unique index number.

20 = https://c2id.com/claims/roles

For optimal compression frequently requested claim names should be listed first. Rarely used claims should be put towards the end (larger index number). If you’re not using a particular claim at all you may delete it from the list.

The compression list can also be specified via Java system properties. In that case prefix each claim name with op.claims.compressionDictionary., for example:

-Dop.claims.compressionDictionary.20=https://c2id.com/claims/roles

Claim names that are not in the list will still be included in the clm field of the JWT without compression.

How efficient is the compression?

To illustrate, a JSON array consisting of all claim names listed above is compressed to the following bit set: "!__8P" (Base-64 encoded). That is a 98% space saving.

Get in touch with Connect2id support if you need further assistance.

Was this helpful?

Rate limit reached. Try again after a minute.
Last updated:
CORS →