diff --git a/src/api/private/tokens/tokens.controller.ts b/src/api/private/tokens/tokens.controller.ts
index 18210ad21..04ad4e138 100644
--- a/src/api/private/tokens/tokens.controller.ts
+++ b/src/api/private/tokens/tokens.controller.ts
@@ -37,12 +37,14 @@ export class TokensController {
 @Post()
 async postTokenRequest(
- @Body() label: string,
+ @Body('label') label: string,
+ @Body('until') until: number,
 ): Promise {
 // ToDo: Get real userName
 const authToken = await this.usersService.createTokenForUser(
 'hardcoded',
 label,
+ until,
 );
 return this.usersService.toAuthTokenWithSecretDto(authToken);
 }
diff --git a/src/users/auth-token.entity.ts b/src/users/auth-token.entity.ts
index 2497957e1..e391fa83e 100644
--- a/src/users/auth-token.entity.ts
+++ b/src/users/auth-token.entity.ts
@@ -6,7 +6,6 @@ import { Column, CreateDateColumn, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm'; import { User } from './user.entity';
-import { Type } from 'class-transformer';
 @Entity()
 export class AuthToken {
@@ -25,16 +24,21 @@ export class AuthToken {
 @Column({ unique: true })
 accessToken: string;
+ @Column({ type: 'date' })
+ validUntil: Date;
+
 public static create(
 user: User,
 identifier: string,
 accessToken: string,
+ validUntil: Date,
 ): Pick {
 const newToken = new AuthToken();
 newToken.user = user;
 newToken.identifier = identifier;
 newToken.accessToken = accessToken;
 newToken.createdAt = new Date();
+ newToken.validUntil = validUntil;
 return newToken;
 }
 }
diff --git a/src/users/users.service.ts b/src/users/users.service.ts
index e27f453e4..58d9c966a 100644
--- a/src/users/users.service.ts
+++ b/src/users/users.service.ts
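Review bot: `@Body('until') until: number` on the new parameter is a compile-time annotation only; unless a ValidationPipe is registered elsewhere (not visible here), the handler accepts whatever the JSON body carries — a string, null, a fractional or negative number — and passes it unchecked to createTokenForUser, where `new Date(until)` turns a bad value into an Invalid Date that is then handed to the entity and the database. Validate it at the boundary, e.g. `@Body('until', ParseIntPipe) until: number,` or a DTO class with class-validator decorators, and reject values that do not lie in the future. A server-side maximum token lifetime is also worth deciding here, since the client currently picks the expiry with no upper bound. The same unchecked value reaches the createTokenForUser hunk in users.service.ts.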
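Review bot: `@Column({ type: 'date' })` on validUntil declares a SQL DATE column, which in the TypeORM drivers I know of stores the calendar day only, so the time of day carried by the epoch-millisecond `until` value is dropped and a token's effective expiry shifts to the start or end of that day depending on how the later comparison is written. A `datetime`/`timestamp` column type (the exact name depends on the driver) keeps the full instant and matches the Date the caller passes in. create() also stores validUntil without checking it against the createdAt it has just set; a guard such as `if (validUntil <= newToken.createdAt) throw new Error('validUntil must lie in the future');` keeps already-expired tokens out of the table. The type arguments of the Pick return type were stripped in this rendering, so whether validUntil is part of the declared return type cannot be checked here.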
@@ -12,7 +12,7 @@ import { ConsoleLoggerService } from '../logger/console-logger.service';
 import { UserInfoDto } from './user-info.dto';
 import { User } from './user.entity';
 import { AuthToken } from './auth-token.entity';
-import { hash } from 'bcrypt'
+import { hash, compare } from 'bcrypt'
 import crypt from 'crypto';
 import { AuthTokenDto } from './auth-token.dto';
 import { AuthTokenWithSecretDto } from './auth-token-with-secret.dto';
@@ -36,12 +36,13 @@ export class UsersService {
 async createTokenForUser(
 userName: string,
 identifier: string,
+ until: number,
 ): Promise {
 const user = await this.getUserByUsername(userName);
- const randomString = crypt.randomBytes(64).toString('base64');
+ const randomString = crypt.randomBytes(64).toString('base64url');
 const accessToken = await this.hashPassword(randomString);
- const token = AuthToken.create(user, identifier, accessToken);
- const createdToken = this.authTokenRepository.save(token);
+ const token = AuthToken.create(user, identifier, accessToken, new Date(until));
+ const createdToken = await this.authTokenRepository.save(token);
 return {
 accessToken: randomString,
 ...createdToken,
@@ -66,9 +67,14 @@ export class UsersService {
 return user;
 }
- async hashPassword(password: string): Promise {
+ async hashPassword(cleartext: string): Promise {
 // hash the password with bcrypt and 2^16 iterations
- return hash(password, 16)
+ return hash(cleartext, 16)
+ }
+
+ async checkPassword(cleartext: string, password: string): Promise {
+ // hash the password with bcrypt and 2^16 iterations
+ return compare(cleartext, password)
 }
 async getUserByAuthToken(token: string): Promise {
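Review bot: Now that `createdToken` is awaited, the return object `{ accessToken: randomString, ...createdToken, … }` spreads the saved entity after the secret, so the entity's bcrypt-hashed `accessToken` overwrites `randomString` and the caller receives the hash instead of the one-time secret; before this change the spread of an un-awaited Promise contributed no properties, which hid the ordering problem. Put the spread first and the secret last: `...createdToken,` then `accessToken: randomString,`. The object literal continues past the end of the hunk, so any later keys need the same check. `new Date(until)` also accepts NaN and past instants unchanged; a guard such as `if (!Number.isFinite(until) || until <= Date.now()) throw new BadRequestException('until must be a future timestamp');` (BadRequestException from @nestjs/common) here, or the validation suggested on the controller hunk, closes that. `toString('base64url')` is only available from Node 14.18/15.7 onward, so it is worth confirming against the project's minimum supported Node version.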
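Review bot: The comment copied onto checkPassword does not describe it — `compare` does not hash with a fixed cost, it checks cleartext against an existing bcrypt hash using the cost stored in that hash; replace it with `// verify cleartext against a stored bcrypt hash; the cost factor is taken from the hash itself`. The second parameter holds that hash, not a password, so `password` is a misleading name; `passwordHash` (not `hash`, which would shadow the import) reads correctly. Two caveats deserve a comment on hashPassword: bcrypt only consumes the first 72 bytes of its input, so the 86-character base64url token built in createTokenForUser is truncated before hashing, and cost 16 takes on the order of seconds per call, which is fine for issuing a token but a problem if checkPassword ends up on the per-request authentication path. The added lines also omit the semicolons used in the rest of the file.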