diff --git a/server/handlers.go b/server/handlers.go
index 02c1881b..fe7a1928 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -143,6 +143,7 @@ func (s *Server) handleAuthorization(w http.ResponseWriter, r *http.Request) {
 		s.renderError(w, http.StatusInternalServerError, err.Type, err.Description)
 		return
 	}
+	authReq.Expiry = s.now().Add(time.Minute * 30)
 	if err := s.storage.CreateAuthRequest(authReq); err != nil {
 		log.Printf("Failed to create authorization request: %v", err)
 		s.renderError(w, http.StatusInternalServerError, errServerError, "")
@@ -342,7 +343,7 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authReq storage.AuthRequest) {
-	if authReq.Expiry.After(s.now()) {
+	if s.now().After(authReq.Expiry) {
 		s.renderError(w, http.StatusBadRequest, errInvalidRequest, "Authorization request period has expired.")
 		return
 	}
@@ -373,7 +374,7 @@ func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authRe
 				Nonce:       authReq.Nonce,
 				Scopes:      authReq.Scopes,
 				Claims:      authReq.Claims,
-				Expiry:      s.now().Add(time.Minute * 5),
+				Expiry:      s.now().Add(time.Minute * 30),
 				RedirectURI: authReq.RedirectURI,
 			}
 			if err := s.storage.CreateAuthCode(code); err != nil {