Warning about custom user data with authentication

My app is using a custom authentication provider and I also enabled custom user data by mapping to a user record on my DB. I discovered that this custom user data is encoded inside the JWT token and in my case contained some fields with a potentially large amount of data. At one point this caused the login to succeed but later calls failed since the token was too large. There is no indication that this is the case, and it was only because I noticed the token was very large that I discovered the cause.

According to the docs, the limit is 16 MB:

Avoid Storing Large Custom User Data
Custom user data is limited to 16MB, the maximum size of a MongoDB document. To avoid hitting this limit, consider storing small and relatively static user data in each custom user data document, such as the user’s preferred language or the URL of their avatar image. For data that is large, unbounded, or frequently updated, consider only storing a reference to the data in the custom user document or storing the data with a reference to the user’s ID rather than in the custom user document.

Do you know if it was as large as that (I was a little surprised that it was now that high as it was 2K at one point)?

The problem is not the size of the custom data but the fact that the JWT token included the data and its size was ~170kb.

That’s what I figured, I’ll follow up with engineering/docs.

Thanks for flagging this.

Hello, I’m having exactly this problem. After several days of entry, my app users are no longer able to log in (as the JWT token got too big). At the moment I’m only storing ‘email’ via custom user data for the purpose of reading the realm logs better (partition key being email rather than user.id). Is there a better way to go about this?

The server is storing the entire user record mapped in custom user data inside the JWT token. In my case I did not use it, so I disabled this feature. You should decode your JWT token and see what is causing the token to be bloated and maybe consider separating this data from the record.
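
One way to do the decoding suggested in the post above, as an added example that is not part of the original thread or of any SDK: it decodes a token's payload locally and ranks its fields by size. The `user_data` claim name, the 8 KB header budget and the sample token are assumptions constructed for illustration.

```javascript
// Added example: inspect a JWT payload to find which fields bloat the token.
// Decoding only, no signature check: use for size inspection, never for auth decisions.
// Run locally; an access token is a credential and should not go into online decoders.

const HEADER_BUDGET_BYTES = 8 * 1024; // assumed budget; many HTTP servers cap headers near 8 KB

function decodeSegment(segment) {
  // JWT segments are base64url without padding; map back to standard base64.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns total token size plus per-field sizes, largest first.
// Object-valued claims are expanded one level (e.g. "user_data.notes").
function claimSizes(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected a compact JWT with 3 segments');
  const payload = decodeSegment(parts[1]);
  const rows = [];
  for (const [name, value] of Object.entries(payload)) {
    const isObject = value !== null && typeof value === 'object' && !Array.isArray(value);
    const fields = isObject
      ? Object.entries(value).map(([k, v]) => [`${name}.${k}`, v])
      : [[name, value]];
    for (const [path, v] of fields) {
      rows.push({ path, bytes: Buffer.byteLength(JSON.stringify(v), 'utf8') });
    }
  }
  rows.sort((a, b) => b.bytes - a.bytes);
  const tokenBytes = Buffer.byteLength(token, 'utf8');
  return { tokenBytes, overBudget: tokenBytes > HEADER_BUDGET_BYTES, rows };
}

// Constructed sample token (unsigned, fake signature); claim names are assumptions.
function makeSampleToken() {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const payload = {
    sub: 'user-123',
    exp: 1700000000,
    user_data: { email: 'a@example.com', notes: 'x'.repeat(20000) },
  };
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.c2ln`;
}

const report = claimSizes(makeSampleToken());
console.log(`token: ${report.tokenBytes} bytes, over budget: ${report.overBudget}`);
for (const r of report.rows.slice(0, 5)) console.log(`${String(r.bytes).padStart(8)}  ${r.path}`);
```

Replace `makeSampleToken()` with the access token your client actually receives to see which mapped fields dominate its size.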

Yeah okay, I can probably disable this feature as well. Thanks @michael_schiller! @Andrew_Morgan is this on the roadmap at this stage?