I have been working on IdentityServer3 and I observed that my Access Token (and Identity token) is getting too large (up to 3000+ chars) in case of Implicit flow, while same server is returning access token of about 20-30 chars against Resource Owner flow. Is this issue is specific to Flows or I'm doing something wrong...???
What I'm have in my visual studio solution is
Once I login into mvc app, it gets a pretty large access token (and identity token), but in case of console app it just returns a nice and compact one. Why is the difference here...???
I think, you got the access token of Jwt type token in case of implicit flow. It contains list of claims. Where as in resource owner flow, you got reference token. It does not contain claims.