diff --git a/DigitalData.Core.Abstractions/Security/IAsymmetricTokenDescriptor.cs b/DigitalData.Core.Abstractions/Security/IAsymmetricTokenDescriptor.cs
index e1f2242..bfe0c27 100644
--- a/DigitalData.Core.Abstractions/Security/IAsymmetricTokenDescriptor.cs
+++ b/DigitalData.Core.Abstractions/Security/IAsymmetricTokenDescriptor.cs
@@ -11,6 +11,8 @@ namespace DigitalData.Core.Abstractions.Security
 
         string? ApiRoute { get; }
 
+        TimeSpan Lifetime { get; init; }
+
         #region SecurityTokenDescriptor Map
         /// <summary>
         /// Defines the compression algorithm that will be used to compress the JWT token payload.
diff --git a/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs b/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
index a4ab6e7..224e449 100644
--- a/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
+++ b/DigitalData.Core.Security/RSAKey/RSATokenDescriptor.cs
@@ -14,6 +14,8 @@ namespace DigitalData.Core.Security.RSAKey
 
         public IAsymmetricTokenValidator Validator => _lazyTokenValidator.Value;
 
+        public required TimeSpan Lifetime { get; init; }
+
         #region SecurityTokenDescriptor Map
         /// <summary>
         /// Gets or sets the value of the 'audience' claim.
@@ -32,8 +34,9 @@ namespace DigitalData.Core.Security.RSAKey
 
         /// <summary>
         /// Gets or sets the value of the 'expiration' claim. This value should be in UTC.
+        /// The expiration time is the sum of DateTime.Now and LifeTime.
         /// </summary>
-        public DateTime? Expires { get; set; }
+        public DateTime? Expires => DateTime.Now.AddTicks(Lifetime.Ticks);
 
         /// <summary>
         /// Gets or sets the issuer of this <see cref="SecurityTokenDescriptor"/>.