What's the length of the JWT token?

Question

gremo opened this issue 2 years ago · 2 comments

I can't find the information anywhere. I need to store the token in the database (for blacklisting logic)... what's the maximum length?

Answer 1 · 2023-02-01T20:50:36.000Z

Tokens often have an unpredictable size.
If you want to have a blacklist, you should only store the token ID (https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7) and not the token itself.

Answer 2 · 2023-02-02T10:27:22.000Z

Thanks. You mean I need to decode the JWT token server-side and use the ID in my custom logic?