Warning about custom user data with authentication

My app is using a custom authentication provider and I also enabled custom user data by mapping to a user record on my DB. I discovered that this custom user data is encoded inside the JWT token and in my case contained some fields with a potentially large amount of data. At one point this caused the login to succeed but later calls to fail since the token was too large. There is no indication that this is the case, and it was only because I noticed the token was very large that I discovered the cause.

According to the docs, the limit is 16 MB:

Avoid Storing Large Custom User Data
Custom user data is limited to 16MB, the maximum size of a MongoDB document. To avoid hitting this limit, consider storing small and relatively static user data in each custom user data document, such as the user’s preferred language or the URL of their avatar image. For data that is large, unbounded, or frequently updated, consider only storing a reference to the data in the custom user document or storing the data with a reference to the user’s ID rather than in the custom user document.

Do you know if it was as large as that (I was a little surprised that it was now that high as it was 2K at one point)?

The problem is not the size of the custom data but the fact that the JWT token included the data and its size was ~170kb.

That’s what I figured, I’ll follow up with engineering/docs.

Thanks for flagging this.
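
A way to catch the condition described in this thread before it breaks requests: the added example below (not code from any poster or from the product) decodes a JWT payload, sizes each claim, and flags tokens over a byte budget. The 8 KB budget, the `user_data` claim name, and the sample tokens are assumptions constructed for illustration.

```javascript
// Added example: report which claims make a JWT large.
// HEADER_BUDGET_BYTES is an assumed budget, not a documented limit; tune it
// to the header limits of the servers and proxies in front of your API.
const HEADER_BUDGET_BYTES = 8 * 1024;

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Size audit only: the signature is NOT verified here, so never use this
// function to decide whether a token is trustworthy.
function auditJwtSize(token, budget = HEADER_BUDGET_BYTES) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  const payload = JSON.parse(b64urlDecode(parts[1]));
  const claims = Object.entries(payload)
    .map(([name, value]) => ({ name, bytes: Buffer.byteLength(JSON.stringify(value), "utf8") }))
    .sort((a, b) => b.bytes - a.bytes);
  const tokenBytes = Buffer.byteLength(token, "utf8");
  return { tokenBytes, overBudget: tokenBytes > budget, largestClaim: claims[0], claims };
}

// Constructed sample tokens; "user_data" is an assumed claim name and the
// signature segment is a dummy value.
function makeSampleToken(userData) {
  const header = { alg: "HS256", typ: "JWT" };
  const payload = { sub: "user-123", exp: 1700000000, user_data: userData };
  return [b64urlEncode(header), b64urlEncode(payload), "c2lnbmF0dXJl"].join(".");
}

const smallToken = makeSampleToken({ lang: "en" });
const largeToken = makeSampleToken({ lang: "en", notes: "x".repeat(170 * 1024) });

for (const [label, tok] of [["small", smallToken], ["large", largeToken]]) {
  const r = auditJwtSize(tok);
  console.log(label, r.tokenBytes, "bytes; over budget:", r.overBudget,
    "; largest claim:", r.largestClaim.name, r.largestClaim.bytes);
}
```

Running this check at login time, or in a test against a user with the largest expected custom user data document, surfaces an oversized token before later calls start failing.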