diff --git a/app/controllers/OAuth.scala b/app/controllers/OAuth.scala
index e93d50b0d9..6e9320ca89 100644
--- a/app/controllers/OAuth.scala
+++ b/app/controllers/OAuth.scala
@@ -1,17 +1,15 @@
 package controllers
 
-import views._
-
-import play.api.mvc._
+import cats.data.Validated
 import play.api.data.Form
 import play.api.data.Forms._
 import play.api.libs.json.Json
-import cats.data.Validated
-import reactivemongo.api.bson.BSONObjectID
-import org.joda.time.DateTime
+import play.api.mvc._
 import scalatags.Text.all.stringFrag
-import lila.app._
+import views._
+
 import lila.api.Context
+import lila.app._
 import lila.oauth.{ AccessToken, AccessTokenRequest, AuthorizationRequest, PersonalToken }
 
 final class OAuth(env: Env) extends LilaController(env) {
@@ -72,25 +70,16 @@ final class OAuth(env: Env) extends LilaController(env) {
         case Validated.Valid(prepared) =>
           env.oAuth.authorizationApi.consume(prepared) flatMap {
             case Validated.Valid(granted) =>
-              val expiresIn = 60 * 60 * 24 * 60
-              val token = AccessToken(
-                id = AccessToken.Id(lila.oauth.Protocol.Secret.random("lio_").value),
-                publicId = BSONObjectID.generate(),
-                clientId = PersonalToken.clientId, // TODO
-                userId = granted.userId,
-                createdAt = DateTime.now().some,
-                description = granted.redirectUri.clientOrigin.some,
-                scopes = granted.scopes,
-                clientOrigin = granted.redirectUri.clientOrigin.some,
-                expires = DateTime.now().plusSeconds(expiresIn).some
-              )
-              env.oAuth.tokenApi.create(token) inject Ok(
-                Json.obj(
-                  "token_type"   -> "bearer",
-                  "access_token" -> token.id.value,
-                  "expires_in"   -> expiresIn
+              env.oAuth.tokenApi.create(granted) map { token =>
+                Ok(
+                  Json
+                    .obj(
+                      "token_type"   -> "bearer",
+                      "access_token" -> token.id.value
+                    )
+                    .add("expires_in" -> token.expires.map(_.getSeconds - nowSeconds))
                 )
-              )
+              }
             case Validated.Invalid(err) => BadRequest(err.toJson).fuccess
           }
         case Validated.Invalid(err) => BadRequest(err.toJson).fuccess
diff --git a/modules/oauth/src/main/AccessTokenApi.scala b/modules/oauth/src/main/AccessTokenApi.scala
index b3d21d8812..7ab0e9d943 100644
--- a/modules/oauth/src/main/AccessTokenApi.scala
+++ b/modules/oauth/src/main/AccessTokenApi.scala
@@ -11,7 +11,22 @@ final class AccessTokenApi(colls: OauthColls)(implicit ec: scala.concurrent.Exec
   import OAuthScope.scopeHandler
   import AccessToken.{ BSONFields => F, _ }
 
-  def create(token: AccessToken) = colls.token(_.insert.one(token).void)
+  def create(token: AccessToken): Funit = colls.token(_.insert.one(token).void)
+
+  def create(granted: AccessTokenRequest.Granted): Fu[AccessToken] = {
+    val token = AccessToken(
+      id = AccessToken.Id(Protocol.Secret.random("lio_").value),
+      publicId = BSONObjectID.generate(),
+      clientId = PersonalToken.clientId, // TODO
+      userId = granted.userId,
+      createdAt = DateTime.now().some,
+      description = granted.redirectUri.clientOrigin.some,
+      scopes = granted.scopes,
+      clientOrigin = granted.redirectUri.clientOrigin.some,
+      expires = DateTime.now().plusMonths(2).some
+    )
+    create(token) inject token
+  }
 
   def listPersonal(user: User): Fu[List[AccessToken]] =
     colls.token {