Javascript - What is the maximum length of a token generated by jsonwebtoken npm package?

AnshumanGarg
January 23, 2024
211 views
0 votes
2 Answers

I’m using the jwt.sign() method with an object ({username: String}) as the payload to create a refresh token. I want to then store the refresh token (in hex form) in a MySQL database and therefore want to know the maximum possible length of the token.

I understand that jsonwebtoken uses SHA256 by default, so I thought the generated token would be 64 characters as I’m converting it to hex, but it was above 100 characters and different lengths for different usernames.

Answers

- Abhishek
- January 23, 2024 at 1:57 pm
- 0 votes
0
I am not sure if there is a limit, but you can manage the token’s length by passing a limited amount of data when creating the JWT token.

Login or Signup to reply.

- RajatKumar
- January 23, 2024 at 2:08 pm
- 0 votes
0
First of all the base64 encoding does not mean any string will be encoded in 64 length of character.

There is not any maximum limit. Even the length of a JWT is not strictly defined by the JWT specification itself. The length of JWT can be vary depending on the size of your json header and payload.

Jwt consist of three parts
1. Header: base64url encoded
2. Payload: base64url encoded
3. Signature: The signature is the result of applying the specified algorithm to the encoded header and encoded payload with a secret key.
So the length can vary depending on the header, payload and the algorithms used to encode it.
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Javascript – What is the maximum length of a token generated by jsonwebtoken npm package?

Answers