diff --git a/ChangeLog b/ChangeLog
index e3eeddeb..bef8b0d1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,5 @@
-TODO:
-- store token type to pass into oidc_http_get/post calls (bearer/dpop)
-- implement DPoP off|optional|required (default: off)
-- support server provided nonce
-- certify for OIDC and FAPI2
+06/05/2024
+- add "nbf" claim in the Request Object as per https://openid.net/specs/openid-financial-api-part-2-1_0-final.html#rfc.section.5.2.2
 06/04/2024
 - add (client) support for RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP)
diff --git a/src/mod_auth_openidc.h b/src/mod_auth_openidc.h
index a657dcae..ab1658b3 100644
--- a/src/mod_auth_openidc.h
+++ b/src/mod_auth_openidc.h
@@ -106,6 +106,7 @@
 #define OIDC_CLAIM_JTI "jti"
 #define OIDC_CLAIM_EXP "exp"
 #define OIDC_CLAIM_IAT "iat"
+#define OIDC_CLAIM_NBF "nbf"
 #define OIDC_CLAIM_NONCE "nonce"
 #define OIDC_CLAIM_AT_HASH "at_hash"
 #define OIDC_CLAIM_C_HASH "c_hash"
diff --git a/src/proto/request.c b/src/proto/request.c
index 21f55611..d2daf783 100644
--- a/src/proto/request.c
+++ b/src/proto/request.c
@@ -343,6 +343,8 @@ static char *oidc_request_uri_request_object(request_rec *r, struct oidc_provide
 json_string(oidc_cfg_provider_issuer_get(provider)));
 json_object_set_new(request_object->payload.value.json, OIDC_CLAIM_IAT,
 json_integer(apr_time_sec(apr_time_now())));
+json_object_set_new(request_object->payload.value.json, OIDC_CLAIM_NBF,
+json_integer(apr_time_sec(apr_time_now())));
 json_object_set_new(request_object->payload.value.json, OIDC_CLAIM_EXP,
 json_integer(apr_time_sec(apr_time_now()) + ttl));
diff --git a/test/test.c b/test/test.c
index 3d3b2333..68dc4fb8 100644
--- a/test/test.c
+++ b/test/test.c
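Review bot: The new nbf claim in oidc_request_uri_request_object samples apr_time_now() a third time, so iat, nbf and exp come from three separate clock reads and can straddle a second boundary (nbf landing one second after iat, or exp not being exactly ttl past nbf). Read the clock once above these calls, `apr_time_t now = apr_time_sec(apr_time_now());`, and pass `json_integer(now)` for iat and nbf and `json_integer(now + ttl)` for exp. Setting nbf to the current second also leaves no tolerance for a receiving authorization server whose clock runs slightly behind; whether a small backdating is wanted is a policy choice, but the decision deserves a comment on the nbf line. The cited FAPI section, as far as I recall, also bounds exp to at most 60 minutes after nbf, so the ttl value (set outside the hunk) should be checked against that limit. The enclosing function starts and ends outside the hunk.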
@@ -1040,9 +1040,9 @@ static char *test_proto_validate_nonce(request_rec *r) {
 oidc_jose_error_t err;
 TST_ASSERT_ERR("oidc_jwt_parse", oidc_jwt_parse(r->pool, s_jwt, &jwt, NULL, FALSE, &err), r->pool, err);
-TST_ASSERT("oidc_proto_validate_nonce (1)",
+TST_ASSERT("oidc_proto_idtoken_validate_nonce (1)",
 oidc_proto_idtoken_validate_nonce(r, c, oidc_cfg_provider_get(c), nonce, jwt));
-TST_ASSERT("oidc_proto_validate_nonce (2)",
+TST_ASSERT("oidc_proto_idtoken_validate_nonce (2)",
 oidc_proto_idtoken_validate_nonce(r, c, oidc_cfg_provider_get(c), nonce, jwt) == FALSE);
 oidc_jwt_destroy(jwt);