diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index b3f7296..b3829d8 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,7 +1,6 @@
 name: Test
-on:
-  push
+on: [push, pull_request]
 jobs:
   unit-test:
diff --git a/config/config.go b/config/config.go
index 62566d9..0f9e672 100644
--- a/config/config.go
+++ b/config/config.go
@@ -88,6 +88,8 @@ type Verifier struct {
 	GenerateKey bool `mapstructure:"generateKey" default:"true"`
 	// path to the private key for jwt signatures
 	KeyPath string `mapstructure:"keyPath"`
+	// expiration time in minutes for JWT tokens
+	JwtExpiration int `mapstructure:"jwtExpiration" default:"30"`
 }
 
 type ClientIdentification struct {
diff --git a/config/provider_test.go b/config/provider_test.go
index 10eaa8c..c943d43 100644
--- a/config/provider_test.go
+++ b/config/provider_test.go
@@ -51,6 +51,7 @@ func Test_ReadConfig(t *testing.T) {
 				KeyAlgorithm:   "RS256",
 				GenerateKey:    true,
 				SupportedModes: []string{"urlEncoded"},
+				JwtExpiration:  30,
 			},
 			Logging: Logging{
 				Level: "DEBUG",
@@ -117,6 +118,7 @@ func Test_ReadConfig(t *testing.T) {
 				KeyAlgorithm:   "RS256",
 				GenerateKey:    true,
 				SupportedModes: []string{"urlEncoded"},
+				JwtExpiration:  30,
 			},
 			Logging: Logging{
 				Level: "INFO",
diff --git a/verifier/verifier.go b/verifier/verifier.go
index 0cb55c9..5a4ddc0 100644
--- a/verifier/verifier.go
+++ b/verifier/verifier.go
@@ -132,6 +132,8 @@ type CredentialVerifier struct {
 	clientIdentification configModel.ClientIdentification
 	// config of the verifier
 	verifierConfig configModel.Verifier
+	// JWT token expiration time in minutes
+	jwtExpiration time.Duration
 }
 
 // allow singleton access to the verifier
@@ -351,6 +353,7 @@ func InitVerifier(config *configModel.Configuration) (err error) {
 		&didSigningKey,
 		verifierConfig.ClientIdentification,
 		*verifierConfig,
+		time.Duration(verifierConfig.JwtExpiration) * time.Minute,
 	}
 	logging.Log().Debug("Successfully initalized the verifier")
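Review bot: The new `JwtExpiration` field in config/config.go is accepted without any range check, and the InitVerifier hunk in verifier/verifier.go converts it straight into a `time.Duration`; a zero or negative value from a config file therefore produces tokens whose `exp` is at or before issue time, while an oversized value silently produces very long-lived tokens. InitVerifier already returns an error, so the natural place for the guard is next to the conversion, e.g. `if verifierConfig.JwtExpiration <= 0 { return fmt.Errorf("jwtExpiration must be a positive number of minutes, got %d", verifierConfig.JwtExpiration) }` (using whichever error constructor the package already imports), and an upper bound is worth considering since this is a security-relevant lifetime. As a point of style, Go's initialism convention would name the field `JWTExpiration` while keeping the `mapstructure:"jwtExpiration"` tag unchanged.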
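Review bot: The comment on the new `jwtExpiration` field of CredentialVerifier says "in minutes", but the field is a `time.Duration` and InitVerifier stores the already-converted value, so the comment will mislead the next reader into multiplying by `time.Minute` again. Suggest `// jwtExpiration is the lifetime of JWTs issued by this verifier, derived from Verifier.JwtExpiration (configured in minutes)`. The same unit mismatch does not exist on the config side, where the `int` field is correctly documented as minutes.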
@@ -1101,7 +1104,7 @@ func (v *CredentialVerifier) generateAuthenticationRequest(base string, clientId
 // generate a jwt, containing the credential and mandatory information as defined by the dsba-convergence
 func (v *CredentialVerifier) generateJWT(credentials []map[string]interface{}, holder string, audience string, flatValues bool) (generatedJwt jwt.Token, err error) {
-	jwtBuilder := jwt.NewBuilder().Issuer(v.GetHost()).Audience([]string{audience}).Expiration(v.clock.Now().Add(time.Minute * 30))
+	jwtBuilder := jwt.NewBuilder().Issuer(v.GetHost()).Audience([]string{audience}).Expiration(v.clock.Now().Add(v.jwtExpiration))
 	if holder != "" {
 		jwtBuilder.Subject(holder)
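Review bot: generateJWT now depends on `v.jwtExpiration` having been populated, and a CredentialVerifier built by any path other than InitVerifier (a struct literal in a test, for instance) carries the zero `time.Duration`, so `Expiration(v.clock.Now().Add(v.jwtExpiration))` sets `exp` equal to the issue time and every token is expired on arrival. Since the previous code had a hard-coded positive lifetime, this is a new failure mode that nothing in the hunk guards against; a check before the builder such as `if v.jwtExpiration <= 0 { return generatedJwt, errors.New("jwt expiration is not configured") }` (or a fallback to the 30-minute default) would keep the behaviour explicit. generateJWT's body continues past the end of the hunk, so I cannot see whether a later line already handles this.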