diff --git a/src/db/mod.rs b/src/db/mod.rs
index 907219e..2fb058d 100644
--- a/src/db/mod.rs
+++ b/src/db/mod.rs
@@ -14,7 +14,7 @@ mod cf;
 pub use cf::CFClient;
 const KV_CLIENT_PREFIX: &str = "clients";
-const ENTRY_LIFETIME: usize = 30;
+pub const ENTRY_LIFETIME: usize = 30;
 #[derive(Clone, Serialize, Deserialize)]
 pub struct CodeEntry {
diff --git a/src/oidc.rs b/src/oidc.rs
index 05b1853..3c1e68f 100644
--- a/src/oidc.rs
+++ b/src/oidc.rs
@@ -21,7 +21,7 @@ use openidconnect::{
 use rsa::{pkcs1::ToRsaPrivateKey, RsaPrivateKey};
 use serde::{Deserialize, Serialize};
 use siwe::eip4361::{Message, Version};
-use std::str::FromStr;
+use std::{str::FromStr, time};
 use thiserror::Error;
 use tracing::info;
 use urlencoding::decode;
@@ -231,11 +231,15 @@ pub async fn token(
 )
 .map_err(|e| anyhow!("{}", e))?;
- Ok(CoreTokenResponse::new(
+ let mut response = CoreTokenResponse::new(
 access_token,
 CoreTokenType::Bearer,
 CoreIdTokenFields::new(Some(id_token), EmptyExtraTokenFields {}),
- ))
+ );
+ response.set_expires_in(Some(&time::Duration::from_secs(
+ ENTRY_LIFETIME.try_into().unwrap(),
+ )));
+ Ok(response)
 }
 #[derive(Deserialize)]
@@ -461,7 +465,7 @@ pub async fn sign_in(
 nonce: params.oidc_nonce.clone(),
 exchange_count: 0,
 client_id: params.client_id.clone(),
- auth_time: chrono::offset::Utc::now(),
+ auth_time: Utc::now(),
 };
 let code = Uuid::new_v4();
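Review bot: `ENTRY_LIFETIME` in src/db/mod.rs becomes public with neither a unit nor a statement of what it bounds. The name suggests the lifetime of a stored entry, and the only visible use outside the module passes it to `from_secs`, so it is presumably seconds. A doc comment such as `/// Lifetime of a stored entry, in seconds.` would pin that down for other callers. If src/oidc.rs is the only consumer, `pub(crate) const ENTRY_LIFETIME: usize = 30;` keeps the exposure narrower.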
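Review bot: In the `token` hunk of src/oidc.rs, `expires_in` advertises the full `ENTRY_LIFETIME` counted from when the response is built, although the constant's name suggests it bounds a stored entry that was created earlier. If the access token stops being accepted once that entry expires (not visible here), clients will compute an expiry later than the real one. Returning the time actually left on the entry would avoid that; if the two lifetimes are independent, a separate named constant for the token lifetime would make that explicit. Separately, `ENTRY_LIFETIME.try_into().unwrap()` adds a panic path to a request handler for a conversion that can be infallible, for example by declaring the constant as `u64` or writing `time::Duration::from_secs(ENTRY_LIFETIME as u64)`. The body of `token` starts outside the hunk.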