diff --git a/api/policies/authenticated.js b/api/policies/authenticated.js
index 1d44d2868..0218e6f27 100644
--- a/api/policies/authenticated.js
+++ b/api/policies/authenticated.js
@@ -39,7 +39,7 @@ module.exports = function authenticated(request, response, next) {
 return response.json(401, {message: 'Given authorization token is not valid', logout: true});
 } else {
 // Store user id to request object
- request.token = token;
+ request.token = token.id.toString();
 // We delete the token from query and body to not mess with blueprints
 request.query && delete request.query.token;
diff --git a/api/services/Token.js b/api/services/Token.js
index 77dfbba96..056cc461b 100644
--- a/api/services/Token.js
+++ b/api/services/Token.js
@@ -20,7 +20,8 @@ module.exports.issue = function issue(payload) {
 return jwt.sign(
 payload, // This is the payload we want to put inside the token
- process.env.TOKEN_SECRET || "oursecret" // Secret string which will be used to sign the token
+ process.env.TOKEN_SECRET || "oursecret", // Secret string which will be used to sign the token
+ { expiresIn: parseInt(process.env.KONGA_JWT_TOKEN_EXPIRY || 60 * 60 )}
 );
 };
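Review bot: In api/policies/authenticated.js, `token.id.toString()` is dereferenced with no check that the verified payload actually carries an `id`. Only the invalid-token 401 branch is visible above it, so a token that verifies but whose payload is not an object with an `id` (for example one issued before this change, if older payloads were a bare id, which is not visible here) would throw a TypeError inside the callback instead of being rejected. A guard placed before the assignment, `if (token.id == null) { return response.json(401, {message: 'Given authorization token is not valid', logout: true}); }`, keeps that case on the existing 401 path. The enclosing function starts and ends outside the hunk.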
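Review bot: In api/services/Token.js the signing call still falls back to the literal `"oursecret"` when `TOKEN_SECRET` is unset, so the new expiry adds little for a deployment running on the default: a signature made with a publicly known key gives no assurance about who issued the token or what `exp` it carries. Consider refusing to issue tokens (or to start) when no secret is configured instead of defaulting. Separately, `parseInt(process.env.KONGA_JWT_TOKEN_EXPIRY || 60 * 60 )` has no radix and no validation, so a non-numeric value reaches `jwt.sign` as `NaN`. Parsing with `const ttl = Number.parseInt(process.env.KONGA_JWT_TOKEN_EXPIRY, 10);` and passing `{ expiresIn: Number.isInteger(ttl) && ttl > 0 ? ttl : 3600 }` keeps the one-hour default for bad input.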