diff --git a/src/backend/libpq/auth-oauth.c b/src/backend/libpq/auth-oauth.c
index 11365048951..3f46ab6b7bc 100644
--- a/src/backend/libpq/auth-oauth.c
+++ b/src/backend/libpq/auth-oauth.c
@@ -684,6 +684,13 @@ validate(Port *port, const char *auth)
 		goto cleanup;
 	}
 
+	/*
+	 * Store the token expiration time in the Port structure. This allows
+	 * the backend to enforce session limits.Validators should set this to
+	 * DT_NOBEGIN if no expiry is available.
+	 */
+	port->expiry = ret->expiry;
+
 	if (port->hba->oauth_skip_usermap)
 	{
 		/*
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
index 6570f27297b..add3800fbd4 100644
--- a/src/backend/libpq/pqcomm.c
+++ b/src/backend/libpq/pqcomm.c
@@ -319,6 +319,12 @@ pq_init(ClientSocket *client_sock)
 	Assert(socket_pos == FeBeWaitSetSocketPos);
 	Assert(latch_pos == FeBeWaitSetLatchPos);
 
+	/*
+	 * Set the initial session expiry to DT_NOBEGIN to indicate no value has been
+	 * provided yet.
+	 */
+	port->expiry = DT_NOBEGIN;
+
 	return port;
 }
 
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index 921b2daa4ff..9bc9625d0ba 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -238,6 +238,14 @@ typedef struct Port
 	char	   *raw_buf;
 	ssize_t		raw_buf_consumed,
 				raw_buf_remaining;
+
+	/*
+	 * The expiration time of the authentication credential. If non-zero, it
+	 * represents the point in time after which the current session is considered
+	 * invalid.
+	 */
+	TimestampTz expiry;
+
 } Port;
 
 /*
diff --git a/src/include/libpq/oauth.h b/src/include/libpq/oauth.h
index 4a822e9a1f2..f15f759718f 100644
--- a/src/include/libpq/oauth.h
+++ b/src/include/libpq/oauth.h
@@ -49,6 +49,13 @@ typedef struct ValidatorModuleResult
 	 * delegation. See the validator module documentation for details.
 	 */
 	char	   *authn_id;
+
+	/*
+	 * The expiration time of the token (e.g., from the 'exp' claim).
+	 * If provided, the backend can use this to limit session duration.
+	 * Validators should set this to DT_NOBEGIN if no expiry is available.
+	 */
+	TimestampTz expiry;
 } ValidatorModuleResult;
 
 /*