diff --git a/Classes/Security/Authentication/Factory/TokenFactory.php b/Classes/Security/Authentication/Factory/TokenFactory.php
index beb79ca..d2332c1 100644
--- a/Classes/Security/Authentication/Factory/TokenFactory.php
+++ b/Classes/Security/Authentication/Factory/TokenFactory.php
@@ -55,6 +55,12 @@ class TokenFactory
      */
     protected $request;
+    /**
+     * @var int
+     * @Flow\InjectConfiguration(path="tokenLifetime")
+     */
+    protected $tokenLifetime;
+
     /**
      * @param $request
      */
@@ -79,10 +85,20 @@ public function getJsonWebToken(): string
             $payload['creationDate'] = $account->getCreationDate()->getTimestamp();
         }
-        // TODO Add refresh token + expire date
         if ($account->getExpirationDate() instanceof \DateTime) {
-            $payload['expirationDate'] = $account->getExpirationDate()->getTimestamp();
+            $payload['accountExpirationDate'] = $account->getExpirationDate()->getTimestamp();
+        }
+
+        if ($this->tokenLifetime > 0) {
+            $payload['exp'] = (new \DateTime())->getTimestamp() + $this->tokenLifetime;
+        }
+
+        if (array_key_exists('accountExpirationDate', $payload) && array_key_exists('exp', $payload)) {
+            if ($payload['accountExpirationDate'] < $payload['exp']) {
+                $payload['exp'] = $payload['accountExpirationDate'];
+            }
         }
         return $this->jwtService->createJsonWebToken($payload);
     }
+
 }
diff --git a/Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php b/Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php
index 9c1084b..360137e 100644
--- a/Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php
+++ b/Classes/Security/Authentication/Provider/JwtAuthenticationProvider.php
@@ -9,6 +9,7 @@ use Neos\Flow\Security\Authentication\TokenInterface;
 use Neos\Flow\Security\Exception\UnsupportedAuthenticationTokenException;
 use Neos\Flow\Security\Policy\PolicyService;
+use Neos\Party\Domain\Model\AbstractParty;
 use RFY\JWT\Security\Authentication\Token\JwtToken;
 use RFY\JWT\Security\JwtAccount;
 use RFY\JWT\Service\JwtService;
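Review bot: The `if ($this->tokenLifetime > 0)` guard turns a missing or non-positive `tokenLifetime` into a token with no `exp` claim at all, i.e. a bearer token that never expires unless the account carries its own expiration date, which is the wrong fail-safe for a misconfiguration (the property declared in the hunk above has no default, so an absent setting presumably leaves it `null`, and `null > 0` is false). I would reject that case instead of silently skipping the claim: `if (!is_int($this->tokenLifetime) || $this->tokenLifetime <= 0) { throw new \UnexpectedValueException('tokenLifetime must be a positive number of seconds'); }` before the payload is built, or at the very least log it. It would also help to take the timestamp once, `$now = (new \DateTime())->getTimestamp();`, and emit `$payload['iat'] = $now;` next to `exp` unless the method already sets it earlier; getJsonWebToken starts outside the hunk, so I cannot tell from here. The clamp of `exp` to `accountExpirationDate` is the right direction and should stay.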
@@ -89,7 +90,12 @@ public function authenticate(TokenInterface $authenticationToken)
         $account = new JwtAccount();
         $account->setClaims($claims);
         $account->setAuthenticationProviderName('JwtAuthenticationProvider');
-        $account->setParty($this->partyRepository->findByIdentifier($claims->{'identifier'}));
+        $party = $this->partyRepository->findByIdentifier($claims->{'identifier'});
+        if (!$party instanceof AbstractParty) {
+            $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
+            return;
+        }
+        $account->setParty($party);
         $rolesClaim = $this->claimMapping['roles'];
         foreach ($rolesClaim as $key => $roleClaim) {
diff --git a/Configuration/Settings.yaml b/Configuration/Settings.yaml
index 4142b2d..ffd3236 100644
--- a/Configuration/Settings.yaml
+++ b/Configuration/Settings.yaml
@@ -30,3 +30,4 @@ RFY:
       - from: header
         name: Authorization
   claimMapping: []
+  tokenLifetime: 86400
diff --git a/composer.json b/composer.json
index 26e8c8d..a4109ee 100644
--- a/composer.json
+++ b/composer.json
@@ -5,7 +5,8 @@
     "license": "MIT",
     "require": {
         "neos/flow": "^7.0",
-        "firebase/php-jwt": "^5.2"
+        "firebase/php-jwt": "^5.2",
+        "neos/party": "^7.0"
     },
     "autoload": {
         "psr-4": {
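Review bot: The new guard handles an unknown party, but the line above it still dereferences `$claims->{'identifier'}` unconditionally; a token whose payload lacks that claim produces an undefined-property warning and it is then `findByIdentifier(null)` that decides the outcome rather than an explicit check. I would read the claim defensively and fail the same way: `$identifier = $claims->{'identifier'} ?? null;` followed by `$party = is_string($identifier) ? $this->partyRepository->findByIdentifier($identifier) : null;`, so that a missing or malformed identifier reaches the same `WRONG_CREDENTIALS` branch. A failed lookup at this point is also worth a log entry, since a run of otherwise-valid tokens whose identifier no longer resolves is a signal operators want to see; I cannot see from the hunk whether the provider has a logger injected. authenticate() continues past the hunk, so confirm the early `return` does not skip any bookkeeping the later lines perform on the token.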
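Review bot: `tokenLifetime: 86400` is added without saying what unit it is in or what a non-positive value does, and the TokenFactory in this commit treats it as seconds and omits the `exp` claim entirely when it is not positive, which a reader of the settings file cannot infer. I would add a comment above the key: `# Lifetime of issued tokens in seconds (24h by default). Must be a positive value; with a non-positive value the issued tokens carry no exp claim.` A 24-hour default is generous for a bearer token, and the removed "Add refresh token" TODO suggests there is no refresh flow yet, so the comment should also advise deployments to shorten it to what their session model needs.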