diff --git a/src/db/mod.rs b/src/db/mod.rs
index 03f2fb3..907219e 100644
--- a/src/db/mod.rs
+++ b/src/db/mod.rs
@@ -1,5 +1,6 @@
 use anyhow::Result;
 use async_trait::async_trait;
+use chrono::{offset::Utc, DateTime};
 use openidconnect::{Nonce, RedirectUrl};
 use serde::{Deserialize, Serialize};
@@ -21,6 +22,7 @@ pub struct CodeEntry {
 pub address: String,
 pub nonce: Option,
 pub client_id: String,
+ pub auth_time: DateTime,
 }
 #[derive(Clone, Serialize, Deserialize)]
diff --git a/src/oidc.rs b/src/oidc.rs
index 97729cf..05b1853 100644
--- a/src/oidc.rs
+++ b/src/oidc.rs
@@ -214,7 +214,8 @@ pub async fn token(
 StandardClaims::new(SubjectIdentifier::new(code_entry.address)),
 EmptyAdditionalClaims {},
 )
- .set_nonce(code_entry.nonce);
+ .set_nonce(code_entry.nonce)
+ .set_auth_time(Some(code_entry.auth_time));
 let pem = private_key
 .to_pkcs1_pem()
@@ -460,6 +461,7 @@ pub async fn sign_in(
 nonce: params.oidc_nonce.clone(),
 exchange_count: 0,
 client_id: params.client_id.clone(),
+ auth_time: chrono::offset::Utc::now(),
 };
 let code = Uuid::new_v4();
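Review bot: The new `auth_time` field on `CodeEntry` (src/db/mod.rs, second hunk) is a required member, so if `CodeEntry` is persisted through serde, as the file's imports suggest, a code entry stored before this change will likely fail to deserialize when it is redeemed. Authorization codes are presumably short-lived, so letting old entries fail may be acceptable, and it is safer than defaulting the field, because a defaulted timestamp would put a false authentication time into the ID token. The field also deserves a doc comment, for example `/// When the end-user authenticated in sign_in; copied into the ID token's auth_time claim.` The struct's derive line and opening are outside the hunk.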
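Review bot: In `token` (src/oidc.rs, hunk at line 214) the `auth_time` claim is copied from the stored code entry, which is easy to misread as the time of the token exchange; a comment above `.set_auth_time(...)` such as `// auth_time = when sign_in authenticated the user, not when the code is redeemed` would pin that down. Nothing visible here relates the value to a `max_age` request parameter, so if the authorization endpoint accepts one it should be enforced against this same timestamp; that code is outside the hunk. `token`'s body starts and ends outside the hunk.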
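Review bot: In `sign_in` (src/oidc.rs, hunk at line 460) the new line `auth_time: chrono::offset::Utc::now(),` spells out the full path although src/db/mod.rs imports `Utc` for the field type; importing it in src/oidc.rs and writing `auth_time: Utc::now(),` would read more consistently. The timestamp is taken where the code entry is built, and the check of the user's credentials is not visible in the hunk, so it is worth confirming that this line is reached only after that check has succeeded. `sign_in`'s body starts and ends outside the hunk.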