HelloWorld1

Reputation: 14108

How to Measure the Size of JWT?

How do you measure the size of a JWT token? It is a long string value.

I would like the token to be less than 7 kb.

(https://medium.com/dataseries/public-claims-and-how-to-validate-a-jwt-1d6c81823826)

(https://stackoverflow.com/questions/26033983/what-is-the-maximum-size-of-jwt-token#:~:text=As%20a%20JWT%20is%20included,of%20room%20for%20other%20headers.)

Upvotes: 4

Views: 8240

Answers (1)

superstator

Reputation: 3208

JWT is just 3 base64 strings, concatenated with . characters. So, unless you somehow force it into a wider character set, 1 character = 1 byte.

Total size will be a function of the signing algorithm in use, and the actual payload size. base64 has 3:4 overhead. So, your JWT will always be raw payload size * 1.25, plus signature and header. I usually just think of it as 1.5x overhead, and if you come in smaller that's a bonus.

All that said, 7kb is pretty huge for something meant to be passed in an HTTP header. I don't know what the hard limit is, but practically speaking I like to stay under 1kb, and ideally under a few hundred characters.

Upvotes: 6
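One way to measure a token directly, as an added example that is not part of the original question or answer: it builds an HS256 token with the standard library, then reports the byte size of each segment, the decoded payload, and the full `Authorization` header line. The function names, the key, the claims, and reading "7 kb" as 7 * 1024 bytes are assumptions made for this example.

```python
import base64, hashlib, hmac, json

SAMPLE_KEY = b"constructed-demo-key"            # constructed, not a real secret
SAMPLE_CLAIMS = {"sub": "user-123", "iss": "https://issuer.example",
                 "exp": 1893456000, "roles": ["reader", "editor"]}  # constructed

def b64url(data: bytes) -> str:
    """Base64url without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_hs256_jwt(claims: dict, key: bytes) -> str:
    """Build a compact HS256 JWT so there is a realistic token to measure."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def jwt_size_report(token: str, limit_bytes: int = 7 * 1024) -> dict:
    """Byte sizes of a compact JWT, per segment and in total.

    limit_bytes defaults to 7 KiB (assumed reading of the question's "7 kb").
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    report = {name: len(seg.encode("utf-8"))
              for name, seg in zip(("header", "payload", "signature"), parts)}
    # Size on the wire is the encoded byte length, not the character count
    # in some other encoding, so always measure after encoding.
    report["total"] = len(token.encode("utf-8"))
    # Decode the payload (re-adding padding) to compare raw vs encoded size.
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    report["payload_raw"] = len(base64.urlsafe_b64decode(padded))
    # What the token costs when sent as a bearer credential.
    report["header_line"] = len(f"Authorization: Bearer {token}".encode("utf-8"))
    report["within_limit"] = report["total"] <= limit_bytes
    return report

if __name__ == "__main__":
    token = make_hs256_jwt(SAMPLE_CLAIMS, SAMPLE_KEY)
    for field, value in jwt_size_report(token).items():
        print(f"{field:>12}: {value}")
```

Comparing `payload_raw` with `payload` shows how much of the total comes from encoding versus the claims themselves, which is where to look first when a token is over budget.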
