Make it possible to disable mirroring of custom claims in JWT #3348
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Network project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
In a project I'm working on we are using custom claims and JWT in our solution. We've encoded group membership in a custom top-level claim called "principals". This custom claim can be of some size, and when it's automatically mirrored back to the ext structure the JWT gets twice as big. Eventually the situation popped up where the size of the JWT was too big for browsers (4096-4097 byte limit usually) to transfer to the back end. As a result of this the JWT gets partially transferred and the receiving backend is unable to validate and decode the token.
Describe your ideal solution
An ideal solution would be to introduce another configuration flag for hydra, which allows us to disable / enable this custom claim mirroring functionality.
A configuration flag for allowing custom top-level claims already exists: oauth2.allowed_top_level_claims. Adding another flag oauth2.mirror_top_level_claims: true / false (default: true) would enable us to reduce the size of the JWT token. This won't solve our issue permanently, but at least it would reduce the chance of it ever occurring. According to #1974 this mirroring functionality is supposed to be a temporary solution to maintain backward compatibility. This suggested solution won't remove this backward compatibility, only allow users to disable it if wanted (default enabled).
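The size effect described in the problem statement and the proposed flag can be checked numerically before a token ever reaches a browser. The following is an added example, not code from the Hydra project or from this issue: it approximates Hydra's mirroring of allowed top-level claims into the `ext` object with a plain dictionary copy, builds an unsigned JWT with a fixed-size RS256 signature placeholder so that the encoded length is realistic, and reports whether the token stays under the 4096-byte limit mentioned above. The `mirror_top_level_claims` parameter `enabled` stands in for the proposed `oauth2.mirror_top_level_claims` setting, which does not exist in Hydra; the claim names, issuer and group list are constructed sample data.

```python
import base64
import json

# Common per-cookie / header size ceiling cited in the issue (bytes).
COOKIE_LIMIT = 4096


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def mirror_top_level_claims(claims: dict, allowed: list, enabled: bool = True) -> dict:
    """Approximation of Hydra's behaviour: allowed custom claims stay at the top
    level and are additionally copied into the `ext` object. `enabled` is a
    hypothetical stand-in for the proposed oauth2.mirror_top_level_claims flag."""
    out = dict(claims)
    ext = dict(out.get("ext", {}))
    if enabled:
        for name in allowed:
            if name in claims:
                ext[name] = claims[name]
    out["ext"] = ext
    return out


def encode_unsigned_jwt(claims: dict) -> str:
    """Header.payload.signature with a 256-byte placeholder in place of a real
    RS256 signature, so the total length matches what a signed token would have."""
    header = {"alg": "RS256", "typ": "JWT"}
    compact = {"separators": (",", ":"), "sort_keys": True}
    return ".".join([
        b64url(json.dumps(header, **compact).encode()),
        b64url(json.dumps(claims, **compact).encode()),
        b64url(b"\x00" * 256),  # placeholder, not a real signature
    ])


def fits_limit(token: str, limit: int = COOKIE_LIMIT) -> bool:
    """Pre-flight check: will this token survive a browser cookie/header limit?"""
    return len(token) <= limit


def build_sample_claims(n_groups: int) -> dict:
    """Constructed sample claims with a sizeable custom 'principals' claim."""
    return {
        "iss": "https://hydra.example",  # constructed issuer
        "sub": "user-123",
        "aud": ["api"],
        "exp": 1700000000,
        "iat": 1699996400,
        "principals": ["group-%04d" % i for i in range(n_groups)],
    }


def token_sizes(n_groups: int) -> dict:
    """Encoded token length with mirroring on and off for the same claims."""
    base = build_sample_claims(n_groups)
    mirrored = encode_unsigned_jwt(mirror_top_level_claims(base, ["principals"], enabled=True))
    unmirrored = encode_unsigned_jwt(mirror_top_level_claims(base, ["principals"], enabled=False))
    return {
        "mirrored": len(mirrored),
        "unmirrored": len(unmirrored),
        "mirrored_fits": fits_limit(mirrored),
        "unmirrored_fits": fits_limit(unmirrored),
    }


if __name__ == "__main__":
    for n in (50, 150, 300):
        print(n, token_sizes(n))
```

With 150 groups the unmirrored token stays under the limit while the mirrored one does not, which is exactly the failure mode reported above: the claim is carried twice, so the payload roughly doubles while the header and signature overhead stays constant.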
Workarounds or alternatives
An alternative solution for us is forking hydra and adding this functionality to our fork. We really don't want to maintain our own fork, so having this functionality in upstream sources would be preferable for us.
Version
v1.10.5
Additional Context
No response