Is there a size limit on the token object in the JWT callback?

[MaxOrelus]

If I add one extra field value to the token object during the JWT callback, everything works fine (adding id_token). If I try to add another long-winded string field value to the token object, things go array. Is there some logic that I'm not aware of that is causing authentication to become unstable?

async jwt({ token, account }) {
      if (account) {
        let { id_token, access_token, refresh_token, expires_at } = account;

        token.id_token = id_token;
        token.expires_at = expires_at;
        token.refresh_token = refresh_token;
      }

      return token;
    }

[balazsorban44]

NextAuth.js v4 introduced cookie chunking, which should avoid any size-limit issues.

It means if a cookie is going to be bigger than the browser limit (generally 4kb), NextAuth.js will chunk the cookie and save it in multiple ones. It will then stitch it back together when reading it on the backend.

You shouldn't have to do anything for this to work. Make sure you are on latest though.