diff --git a/config/config.exs b/config/config.exs
index f7455cf97..c7ac0d22c 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -648,7 +648,7 @@ config :pleroma, :email_notifications,
   }
 
 config :pleroma, :oauth2,
-  token_expires_in: 600,
+  token_expires_in: 3600 * 24 * 30,
   issue_new_refresh_token: true,
   clean_expired_tokens: false
 
diff --git a/config/description.exs b/config/description.exs
index a663d8127..f4b8768da 100644
--- a/config/description.exs
+++ b/config/description.exs
@@ -2540,7 +2540,7 @@ config :pleroma, :config_description, [
         key: :token_expires_in,
         type: :integer,
         description: "The lifetime in seconds of the access token",
-        suggestions: [600]
+        suggestions: [2_592_000]
       },
       %{
         key: :issue_new_refresh_token,
diff --git a/lib/pleroma/mfa/token.ex b/lib/pleroma/mfa/token.ex
index 82d3817cc..69b64c0e8 100644
--- a/lib/pleroma/mfa/token.ex
+++ b/lib/pleroma/mfa/token.ex
@@ -11,7 +11,7 @@ defmodule Pleroma.MFA.Token do
   alias Pleroma.User
   alias Pleroma.Web.OAuth.Authorization
 
-  @expires 3600 * 24 * 30
+  @expires 300
 
   @type t() :: %__MODULE__{}
 
diff --git a/lib/pleroma/web/o_auth/authorization.ex b/lib/pleroma/web/o_auth/authorization.ex
index 268ee5b63..e766dcada 100644
--- a/lib/pleroma/web/o_auth/authorization.ex
+++ b/lib/pleroma/web/o_auth/authorization.ex
@@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
   alias Pleroma.User
   alias Pleroma.Web.OAuth.App
   alias Pleroma.Web.OAuth.Authorization
+  alias Pleroma.Web.OAuth.Token
 
   import Ecto.Changeset
   import Ecto.Query
@@ -53,7 +54,8 @@ defmodule Pleroma.Web.OAuth.Authorization do
   end
 
   defp add_lifetime(changeset) do
-    put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
+    lifespan = Token.lifespan()
+    put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
   end
 
   @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
diff --git a/lib/pleroma/web/o_auth/o_auth_view.ex b/lib/pleroma/web/o_auth/o_auth_view.ex
index f55247ebd..d22b2f7fe 100644
--- a/lib/pleroma/web/o_auth/o_auth_view.ex
+++ b/lib/pleroma/web/o_auth/o_auth_view.ex
@@ -13,7 +13,7 @@ defmodule Pleroma.Web.OAuth.OAuthView do
       token_type: "Bearer",
       access_token: token.token,
       refresh_token: token.refresh_token,
-      expires_in: expires_in(),
+      expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()),
       scope: Enum.join(token.scopes, " "),
       created_at: Utils.format_created_at(token)
     }
@@ -25,6 +25,4 @@ defmodule Pleroma.Web.OAuth.OAuthView do
       response
     end
   end
-
-  defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
diff --git a/lib/pleroma/web/o_auth/token.ex b/lib/pleroma/web/o_auth/token.ex
index 9170a7ec7..886117d15 100644
--- a/lib/pleroma/web/o_auth/token.ex
+++ b/lib/pleroma/web/o_auth/token.ex
@@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do
     timestamps()
   end
 
+  def lifespan do
+    Pleroma.Config.get!([:oauth2, :token_expires_in])
+  end
+
   @doc "Gets token by unique access token"
   @spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
   def get_by_token(token) do
@@ -83,11 +87,11 @@ defmodule Pleroma.Web.OAuth.Token do
   end
 
   defp put_valid_until(changeset, attrs) do
-    expires_in =
-      Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in()))
+    valid_until =
+      Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan()))
 
     changeset
-    |> change(%{valid_until: expires_in})
+    |> change(%{valid_until: valid_until})
     |> validate_required([:valid_until])
   end
 
@@ -138,6 +142,4 @@ defmodule Pleroma.Web.OAuth.Token do
   end
 
   def is_expired?(_), do: false
-
-  defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
diff --git a/test/pleroma/web/o_auth/mfa_controller_test.exs b/test/pleroma/web/o_auth/mfa_controller_test.exs
index 3c341facd..6ecd0f6c9 100644
--- a/test/pleroma/web/o_auth/mfa_controller_test.exs
+++ b/test/pleroma/web/o_auth/mfa_controller_test.exs
@@ -171,7 +171,6 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
       assert match?(
                %{
                  "access_token" => _,
-                 "expires_in" => 600,
                  "me" => ^ap_id,
                  "refresh_token" => _,
                  "scope" => "write",
@@ -280,7 +279,6 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
       assert match?(
                %{
                  "access_token" => _,
-                 "expires_in" => 600,
                  "me" => ^ap_id,
                  "refresh_token" => _,
                  "scope" => "write",
diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs
index 3221af223..ac22856ea 100644
--- a/test/pleroma/web/o_auth/o_auth_controller_test.exs
+++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs
@@ -1105,7 +1105,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
                %{
                  "scope" => "write",
                  "token_type" => "Bearer",
-                 "expires_in" => 600,
                  "access_token" => _,
                  "refresh_token" => _,
                  "me" => ^ap_id
@@ -1145,7 +1144,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
                %{
                  "scope" => "write",
                  "token_type" => "Bearer",
-                 "expires_in" => 600,
                  "access_token" => _,
                  "refresh_token" => _,
                  "me" => ^ap_id
@@ -1228,7 +1226,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
                %{
                  "scope" => "write",
                  "token_type" => "Bearer",
-                 "expires_in" => 600,
                  "access_token" => _,
                  "refresh_token" => _,
                  "me" => ^ap_id