diff --git a/internal/auth/jwt.go b/internal/auth/jwt.go
index 9c0166d..3d87f68 100644
--- a/internal/auth/jwt.go
+++ b/internal/auth/jwt.go
@@ -130,8 +130,12 @@ func (ja *JWTAuthenticator) ProvideJWT(user *schema.User) (string, error) {
 		"roles": user.Roles,
 		"iat":   now.Unix(),
 	}
-	if ja.config != nil && ja.config.MaxAge != 0 {
-		claims["exp"] = now.Add(time.Duration(ja.config.MaxAge)).Unix()
+	if ja.config != nil && ja.config.MaxAge != "" {
+		d, err := time.ParseDuration(ja.config.MaxAge)
+		if err != nil {
+			return "", errors.New("cannot parse max-age config key")
+		}
+		claims["exp"] = now.Add(d).Unix()
 	}
 
 	return jwt.NewWithClaims(jwt.SigningMethodEdDSA, claims).SignedString(ja.privateKey)