Enhance Security and Trust: New Session Metadata in Sign in with Google
Source
Google Ads Developer BlogEnhance Security and Trust: New Session Metadata in Sign in with Googlegoogleblog.comGoogle is enhancing Sign in with Google by introducing new OIDC standard claims—specifically auth_time and amr (Authentication Methods Reference) to provide developers with deeper session metadata. These updates allow verified apps to verify the "freshness" of a user's login and the specific authentication methods used (such as MFA or hardware keys), enabling more dynamic, risk-based access controls. By leveraging these federated identity signals, platforms can better prevent account takeover and fraud while implementing granular security policies like step-up authentication for sensitive actions.
You might also wanna read
Google Introduces Device-Bound Session Credentials to Combat Session Hijacking Attacks
Google has introduced Device-Bound Session Credentials (DBSC), a new security mechanism designed to prevent session hijacking by cryptograph
feistyduck.com·10mo ago
AGG Labs launches streamlined OIDC/OAuth2 identity provider for developers
AGG Labs introduces AGG Labs SSO, a lightweight, secure OIDC (OpenID Connect) and OAuth2 identity provider designed for developers. The tool
Cloudflare One, Access - Refreshed Access login page
Cloudflare·1mo ago
5 Best Practices for Secure Identity Verification in an Era of AI-Assisted Credential Theft
Credential theft contributed to one in five data breaches in 2025, with attackers using AI-assisted tactics to bypass weak identity verifica
hendryadrian.com·24d agoGlobal Privacy Control Browser Tool Creates Compliance Challenges for Website Operators
The Global Privacy Control (GPC) is a browser-based tool that lets users signal their privacy preferences with a single click, requiring web
Google rolls out Device Bound Session Credentials security feature for Chrome on Windows
Google is rolling out a security feature called Device Bound Session Credentials (DBSC) for Chrome on Windows, moving it from beta to genera
androidauthority.com·1mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.