Google OpenID Connect: Receiving a 500 error when supplying the “max_age” parameter to an authentication request

没有蜡笔的小新 2021-01-17 01:20

As required by Google, we are attempting to finish our migration from Google's previous OpenID Authentication flow to the new OpenID Connect implementation. Everything has

2 Answers
  •  遥遥无期
    2021-01-17 02:04

    Google does not honor the max_age parameter and may be considered to be outside of the spec on that one. Yet they have sound reasoning for it (see: http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20150323/005445.html) that boils down to the fact that they don't want the RP to take full control over re-authentication with a "one size fits all" feature and some additional security considerations.

    I'm hoping someone from Google will reply here as well with their plans going forward but for now there's nothing that you can do about it.
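
Added example, not part of the answer above and not Google's code: under OpenID Connect Core, a relying party that sends max_age should itself check the auth_time claim of the returned ID token, which matters most when the provider may not enforce the parameter. The function name, the 60-second leeway and the sample claims are assumptions constructed for illustration, and the claims are assumed to come from an ID token whose signature, iss, aud and exp were already validated.

```python
import time


def evaluate_max_age(claims, max_age, now=None, leeway=60):
    """Return (ok, reason) for an RP-side max_age check.

    claims  -- dict of already-verified ID token claims
    max_age -- seconds sent as max_age in the authentication request
    leeway  -- tolerated clock skew in seconds (assumed value)
    """
    now = int(time.time()) if now is None else now
    auth_time = claims.get("auth_time")

    # Fail closed: without auth_time the RP cannot prove a recent login.
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False, "auth_time missing or not numeric"

    # A login time well in the future means a bad clock or a bad token.
    if auth_time > now + leeway:
        return False, "auth_time is in the future"

    age = now - auth_time
    if age > max_age + leeway:
        return False, f"authentication is {int(age)}s old, limit is {max_age}s"
    return True, f"authentication is {int(max(age, 0))}s old"


# Constructed sample claims (not captured from any real provider).
NOW = 1_700_000_000
FRESH = {"sub": "constructed-user", "auth_time": NOW - 120}
STALE = {"sub": "constructed-user", "auth_time": NOW - 7200}
NO_AUTH_TIME = {"sub": "constructed-user"}

if __name__ == "__main__":
    for name, c in (("fresh", FRESH), ("stale", STALE), ("missing", NO_AUTH_TIME)):
        print(name, evaluate_max_age(c, max_age=300, now=NOW))
```

When the check fails, the RP treats the session as not recently authenticated for the sensitive operation rather than trusting that the provider applied max_age.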
