When login with different users some of them getting 431 error as browser see that token is too long , is there any way to solve this issue?
note that we return roles in token as it is needed in the system
If your system needs it from the token, then … good luck.
If you just need to retrieve this information in an OIDC context, you can map the roles into the userinfo endpoint, not into the token(s). This way, the tokens remain small and you can retrieve advanced information from the userinfo-endpoint by just calling it with the access_token. Good client-lib implementations are doing this implicity or by configuration.