diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go
index 5289b2a9b96b..c373a985b782 100644
--- a/selfservice/strategy/oidc/strategy.go
+++ b/selfservice/strategy/oidc/strategy.go
@@ -15,6 +15,8 @@ import (
 	"path/filepath"
 	"strings"
 
+	"golang.org/x/exp/maps"
+
 	"github.com/ory/x/urlx"
 
 	"go.opentelemetry.io/otel/attribute"
@@ -384,12 +386,16 @@ func (s *Strategy) HandleCallback(w http.ResponseWriter, r *http.Request, ps htt
 	var (
 		code = stringsx.Coalesce(r.URL.Query().Get("code"), r.URL.Query().Get("authCode"))
 		pid  = ps.ByName("provider")
+		err  error
 	)
 
 	ctx := r.Context()
 	ctx = context.WithValue(ctx, httprouter.ParamsKey, ps)
 	r = r.WithContext(ctx)
 
+	ctx, span := s.d.Tracer(ctx).Tracer().Start(ctx, "strategy.oidc.ExchangeCode")
+	defer otelx.End(span, &err)
+
 	req, cntnr, err := s.ValidateCallback(w, r)
 	if err != nil {
 		if req != nil {
@@ -447,11 +453,13 @@ func (s *Strategy) HandleCallback(w http.ResponseWriter, r *http.Request, ps htt
 		}
 	}
 
-	if err := claims.Validate(); err != nil {
+	if err = claims.Validate(); err != nil {
 		s.forwardError(w, r, req, s.handleError(w, r, req, pid, nil, err))
 		return
 	}
 
+	span.SetAttributes(attribute.StringSlice("claims", maps.Keys(claims.RawClaims)))
+
 	switch a := req.(type) {
 	case *login.Flow:
 		if ff, err := s.processLogin(w, r, a, et, claims, provider, cntnr); err != nil {