Max_age is an OPTIONAL parameter within OpenID Connect used int he Authentication Request to indicate the Maximum Authentication Age.

Specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated by the OP. If the elapsed time is greater than this value, the OP MUST attempt to actively re-authenticate the End-User.

The max_age request parameter corresponds to the OpenID 2.0 PAPE OpenID.PAPE max_auth_age request parameter.)

When Max_age is used, the Identity Token returned MUST include an auth_time Claim Value.

More Information#

There might be more information for this subject on one of the following: