Welcome to my blog - Musings of a restless mind. I'm a full stack developer and in my spare time I like developing side projects and blogging about them. Hope you enjoy your time here!
If you return your claims in an access token, you might hit the size limit, since access tokens are returned in the URL. You might be better off returning your claims from the user info endpoint.
Rather than having access tokens in the browser, we'll use the BFF architecture to store only HttpOnly cookies in the browser and use a server-based backend to manage our access tokens.