Access token “clm” compression

To make self-contained (JWT-encoded) access tokens smaller and more efficient to pass around, the Connect2id server can compress the optional clm field that lists the names of the OpenID claims for release at the UserInfo endpoint.

Compression is based on a simple but highly effective dictionary algorithm. The Connect2id server determines which claim names to compress from a properties file that contains a numbered list of the claims:

WEB-INF/claimsCompression.properties

The shipped default configuration lists all standard OpenID claim names:

0  = sub
1  = email
2  = email_verified
3  = phone_number
4  = phone_number_verified
5  = name
6  = family_name
7  = given_name
8  = middle_name
9  = nickname
10 = preferred_username
11 = profile
12 = picture
13 = website
14 = gender
15 = birthdate
16 = zoneinfo
17 = locale
18 = updated_at
19 = address

To add a new claim name to the compression list, give it a unique index number, for example:

20 = https://c2id.com/claims/roles

For optimal compression, list frequently requested claim names first and put rarely used claims towards the end (larger index number). If you're not using a particular claim at all, you may delete it from the list.

The compression list can also be specified via Java system properties. In that case prefix each index number with op.claims.compressionDictionary., for example:

-Dop.claims.compressionDictionary.20=https://c2id.com/claims/roles

Claim names that are not in the list will still be included in the clm field of the JWT without compression.
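The dictionary scheme described above, sketched in Python as an added example (not Connect2id code). The bit-set layout, the base64url output and the function names are assumptions made for illustration and do not reproduce the server's actual encoding.

```python
import base64

# Constructed sample: a subset of the default list plus the custom entry shown above.
PROPERTIES = """
0  = sub
1  = email
2  = email_verified
5  = name
20 = https://c2id.com/claims/roles
"""

def load_dictionary(text):
    """Parse 'index = claim_name' lines; reject duplicate indexes or names."""
    by_index = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, name = line.partition("=")
        index, name = int(key.strip()), name.strip()
        if index < 0 or index in by_index or name in by_index.values():
            raise ValueError(f"bad or duplicate entry: {line!r}")
        by_index[index] = name
    return by_index

def compress(claims, by_index):
    """Return (encoded bit set, claim names left uncompressed)."""
    by_name = {n: i for i, n in by_index.items()}
    bits, rest = 0, []
    for c in claims:
        if c in by_name:
            bits |= 1 << by_name[c]   # one bit per dictionary entry
        else:
            rest.append(c)            # not in the list: kept as a plain name
    raw = bits.to_bytes((bits.bit_length() + 7) // 8, "little")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode(), rest

def decompress(encoded, rest, by_index):
    """Rebuild the claim names; fail closed on a bit with no dictionary entry."""
    raw = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    bits = int.from_bytes(raw, "little")
    names = []
    for i in range(bits.bit_length()):
        if bits >> i & 1:
            if i not in by_index:
                raise ValueError(f"bit {i} has no dictionary entry")
            names.append(by_index[i])
    return names + rest
```

In this sketch a request for sub and email fits in one byte, while adding the claim at index 20 needs three, which is why low index numbers suit frequently requested claims. Decoding only gives the right names when it uses the same index-to-name mapping that was used for encoding.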

How effective is the compression?

To illustrate, a JSON array consisting of all claim names listed above is compressed to the following bit set: "!__8P" (Base-64 encoded). That is a 98% space saving.