Is google still honoring the "max_age" request parameter in requests to https://accounts.google.com/o/oauth2/auth?

Asked 30/1, 2020 at 21:56 Answered 30/1, 2020 at 21:56

According to OIDC specs when an authentication request contains the max_age field

the ID Token returned MUST include an auth_time Claim Value

Starting January 28, we don't see the auth_time field returned in the ID Token returned from the google auth api.

Did anything changed on the Google side as far as honoring that flag is concerned?

Thank you!

Shutdown answered 30/1, 2020 at 21:56 Comment(0)