diff --git a/app/models.py b/app/models.py
index a3ca4ff3..384277d4 100644
--- a/app/models.py
+++ b/app/models.py
@@ -235,6 +235,14 @@ class User(db.Model, ModelMixin, UserMixin):
         return "".join([n[0].upper() for n in names if n])
 
 
+def _expiration_1h():
+    return arrow.now().shift(hours=1)
+
+
+def _expiration_5m():
+    return arrow.now().shift(minutes=5)
+
+
 class ActivationCode(db.Model, ModelMixin):
     """For activate user account"""
 
@@ -243,7 +251,7 @@ class ActivationCode(db.Model, ModelMixin):
 
     user = db.relationship(User)
 
-    expired = db.Column(ArrowType)
+    expired = db.Column(ArrowType, default=_expiration_1h)
 
 
 class ResetPasswordCode(db.Model, ModelMixin):
@@ -254,7 +262,7 @@ class ResetPasswordCode(db.Model, ModelMixin):
 
     user = db.relationship(User)
 
-    expired = db.Column(ArrowType, nullable=False)
+    expired = db.Column(ArrowType, nullable=False, default=_expiration_1h)
 
 
 class Partner(db.Model, ModelMixin):
@@ -360,6 +368,11 @@ class AuthorizationCode(db.Model, ModelMixin):
     user = db.relationship(User, lazy=False)
     client = db.relationship(Client, lazy=False)
 
+    expired = db.Column(ArrowType, nullable=False, default=_expiration_5m)
+
+    def is_expired(self):
+        return self.expired < arrow.now()
+
 
 class OauthToken(db.Model, ModelMixin):
     access_token = db.Column(db.String(128), unique=True)
@@ -375,6 +388,11 @@ class OauthToken(db.Model, ModelMixin):
     user = db.relationship(User)
     client = db.relationship(Client)
 
+    expired = db.Column(ArrowType, nullable=False, default=_expiration_1h)
+
+    def is_expired(self):
+        return self.expired < arrow.now()
+
 
 def generate_email() -> str:
     """generate an email address that does not exist before"""
diff --git a/migrations/versions/4fac8c8a704c_.py b/migrations/versions/4fac8c8a704c_.py
new file mode 100644
index 00000000..1b7d63be
--- /dev/null
+++ b/migrations/versions/4fac8c8a704c_.py
@@ -0,0 +1,31 @@
+"""empty message
+
+Revision ID: 4fac8c8a704c
+Revises: 507afb2632cc
+Create Date: 2019-08-17 22:16:40.628595
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '4fac8c8a704c'
+down_revision = '507afb2632cc'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('authorization_code', sa.Column('expired', sqlalchemy_utils.types.arrow.ArrowType(), nullable=False))
+    op.add_column('oauth_token', sa.Column('expired', sqlalchemy_utils.types.arrow.ArrowType(), nullable=False))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('oauth_token', 'expired')
+    op.drop_column('authorization_code', 'expired')
+    # ### end Alembic commands ###