diff --git a/service/OneService.cpp b/service/OneService.cpp index 5b0aaf68f..2aeafc4b7 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -340,6 +340,15 @@ public: _config.authenticationURL[strlen(url)] = 0; } + uint64_t getExpiryTime() { + if (_idc == nullptr) { + fprintf(stderr, "idc is null\n"); + return 0; + } + + return zeroidc::zeroidc_get_exp_time(_idc); + } + private: unsigned int _webPort; std::shared_ptr _tap; @@ -463,7 +472,7 @@ static void _networkToJson(nlohmann::json &nj,NetworkState &ns) const char* authURL = ns.getAuthURL(); fprintf(stderr, "Auth URL: %s\n", authURL); nj["authenticationURL"] = authURL; - nj["authenticationExpiryTime"] = ns.config().authenticationExpiryTime; + nj["authenticationExpiryTime"] = (ns.getExpiryTime()*1000); nj["ssoEnabled"] = ns.config().ssoEnabled; } } diff --git a/zeroidc/Cargo.lock b/zeroidc/Cargo.lock index 77e65a637..d8c0135f2 100644 --- a/zeroidc/Cargo.lock +++ b/zeroidc/Cargo.lock @@ -28,6 +28,12 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" +[[package]] +name = "base64" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff" + [[package]] name = "base64" version = "0.13.0" @@ -102,6 +108,7 @@ dependencies = [ "num-integer", "num-traits", "serde", + "time", "winapi", ] @@ -450,6 +457,20 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "jsonwebtoken" +version = "7.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afabcc15e437a6484fc4f12d0fd63068fe457bf93f1c148d3d9649c60b103f32" +dependencies = [ + "base64 0.12.3", + "pem", + "ring", + "serde", + "serde_json", + "simple_asn1", +] + [[package]] name = "lazy_static" version = "1.4.0" 
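Review bot: In `_networkToJson`, `ns.getExpiryTime()*1000` publishes `0` whenever `getExpiryTime()` takes its `_idc == nullptr` path or no expiry has been recorded yet, so a consumer of `authenticationExpiryTime` cannot tell "unknown" from "expired at the epoch". The value also no longer comes from `ns.config().authenticationExpiryTime`; judging by the lib.rs hunks in this commit, it is read from a token whose signature is not checked. It should therefore be treated as a display hint rather than an authorization input, with a comment saying so, for example `// exp is parsed from an unverified token: informational only, 0 = unknown`. The multiplication is unsigned 64-bit and wraps silently for an implausibly large `exp`, so a bound check before scaling would stop a malformed claim from becoming a small, already-past timestamp. `_networkToJson` starts and ends outside the hunk.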
@@ -538,6 +559,17 @@ dependencies = [ "winapi", ] +[[package]] +name = "num-bigint" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + [[package]] name = "num-bigint" version = "0.4.3" @@ -584,7 +616,7 @@ version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "80e47cfc4c0a1a519d9a025ebfbac3a2439d1b5cdf397d72dcb79b11d9920dab" dependencies = [ - "base64", + "base64 0.13.0", "chrono", "getrandom", "http", @@ -616,12 +648,12 @@ version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d523cf32bdf7696f36bc4198a42c34b65f0227b97f2f501ebfbe016baa5bc52" dependencies = [ - "base64", + "base64 0.13.0", "chrono", "http", "itertools", "log", - "num-bigint", + "num-bigint 0.4.3", "oauth2", "rand", "ring", @@ -677,6 +709,17 @@ dependencies = [ "num-traits", ] +[[package]] +name = "pem" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb" +dependencies = [ + "base64 0.13.0", + "once_cell", + "regex", +] + [[package]] name = "percent-encoding" version = "2.1.0" @@ -774,6 +817,21 @@ dependencies = [ "bitflags", ] +[[package]] +name = "regex" +version = "1.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" +dependencies = [ + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.6.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" + [[package]] name = "remove_dir_all" version = "0.5.3" 
@@ -789,7 +847,7 @@ version = "0.11.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5" dependencies = [ - "base64", + "base64 0.13.0", "bytes", "encoding_rs", "futures-core", @@ -856,7 +914,7 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9" dependencies = [ - "base64", + "base64 0.13.0", ] [[package]] @@ -983,6 +1041,17 @@ dependencies = [ "opaque-debug", ] +[[package]] +name = "simple_asn1" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "692ca13de57ce0613a363c8c2f1de925adebc81b04c923ac60c5488bb44abe4b" +dependencies = [ + "chrono", + "num-bigint 0.2.6", + "num-traits", +] + [[package]] name = "slab" version = "0.4.5" @@ -1065,6 +1134,16 @@ dependencies = [ "syn", ] +[[package]] +name = "time" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" +dependencies = [ + "libc", + "winapi", +] + [[package]] name = "tinyvec" version = "1.5.0" @@ -1404,9 +1483,11 @@ dependencies = [ name = "zeroidc" version = "0.1.0" dependencies = [ - "base64", + "base64 0.13.0", "cbindgen", + "jsonwebtoken", "openidconnect", "reqwest", + "serde", "url", ] diff --git a/zeroidc/Cargo.toml b/zeroidc/Cargo.toml index 912631f33..ae4063425 100644 --- a/zeroidc/Cargo.toml +++ b/zeroidc/Cargo.toml @@ -16,6 +16,8 @@ openidconnect = "2.1.2" base64 = "0.13.0" url = "2.2.2" reqwest = "0.11.7" +jsonwebtoken = "7.2.0" +serde = "1.0.130" [build-dependencies] cbindgen = "0.20.0" diff --git a/zeroidc/src/ext.rs b/zeroidc/src/ext.rs index 87db679a5..c7a3095d4 100644 --- a/zeroidc/src/ext.rs +++ b/zeroidc/src/ext.rs 
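Review bot: `jsonwebtoken = "7.2.0"` is added to `[dependencies]` for what, in the lib.rs hunks of this commit, is a single call to `dangerous_insecure_decode`. The lockfile hunks show the cost: new `pem`, `simple_asn1`, `regex`, `regex-syntax` and `time` 0.1.43 packages, plus second copies of `base64` (0.12.3) and `num-bigint` (0.2.6). Reading one claim without verification does not justify that much new parsing code in a component that handles SSO tokens; `openidconnect`, already a dependency, can return verified ID-token claims, which would avoid the addition. If the crate stays, add a comment above the line such as `# used only to read the exp claim; signature verification is NOT performed` and run `cargo audit` on the new tree.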
@@ -91,6 +91,16 @@ pub extern "C" fn zeroidc_is_running(ptr: *mut ZeroIDC) -> bool { idc.is_running() } +#[no_mangle] +pub extern "C" fn zeroidc_get_exp_time(ptr: *mut ZeroIDC) -> u64 { + let id = unsafe { + assert!(!ptr.is_null()); + &mut *ptr + }; + + id.get_exp_time() +} + #[no_mangle] pub extern "C" fn zeroidc_process_form_post(ptr: *mut ZeroIDC, body: *const c_char) -> bool { let idc = unsafe { diff --git a/zeroidc/src/lib.rs b/zeroidc/src/lib.rs index 14e004f7d..7181f6854 100644 --- a/zeroidc/src/lib.rs +++ b/zeroidc/src/lib.rs @@ -7,17 +7,14 @@ extern crate url; use std::sync::{Arc, Mutex}; use std::thread::{sleep, spawn, JoinHandle}; use std::time::Duration; - +use serde::{Deserialize, Serialize}; use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType}; use openidconnect::reqwest::http_client; -use openidconnect::{AuthenticationFlow, PkceCodeVerifier, TokenResponse, OAuth2TokenResponse}; -use openidconnect::{AuthorizationCode, ClientId, CsrfToken, IssuerUrl, Nonce, PkceCodeChallenge, RedirectUrl, RequestTokenError, Scope}; - -use reqwest::blocking::Client; +use openidconnect::{AccessToken, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse}; +use jsonwebtoken::{dangerous_insecure_decode}; use url::Url; - pub struct ZeroIDC { inner: Arc>, } @@ -28,6 +25,14 @@ struct Inner { auth_endpoint: String, oidc_thread: Option>, oidc_client: Option, + access_token: Option, + refresh_token: Option, + exp_time: u64, +} + +#[derive(Debug, Serialize, Deserialize)] +struct Exp { + exp: u64 } fn csrf_func(csrf_token: String) -> Box CsrfToken> { @@ -60,6 +65,9 @@ impl ZeroIDC { auth_endpoint: auth_ep.to_string(), oidc_thread: None, oidc_client: None, + access_token: None, + refresh_token: None, + exp_time: 0, })), }; 
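Review bot: `zeroidc_get_exp_time` guards the pointer with `assert!(!ptr.is_null())`, so a null handle panics inside an `extern "C"` function, which either aborts the process or unwinds into C++ frames depending on the toolchain. Returning the sentinel the C++ caller already uses is safer: `if ptr.is_null() { return 0; }`. The shim also materialises `&mut *ptr` for a pure read; if `ZeroIDC::get_exp_time` took `&self` (it only locks `inner`), this could be `let idc = unsafe { &*ptr };`, and concurrent calls from the service threads would not create aliasing exclusive references. A `// SAFETY:` comment stating that `ptr` must come from the crate's constructor and still be live would document the contract. The neighbouring `zeroidc_process_form_post` visible in the context appears to use the same pattern and continues outside the hunk.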
@@ -147,7 +155,11 @@ impl ZeroIDC { } fn get_network_id(&mut self) -> String { - return (*self.inner.lock().unwrap()).network_id.clone() + return (*self.inner.lock().unwrap()).network_id.clone(); + } + + fn get_exp_time(&mut self) -> u64 { + return (*self.inner.lock().unwrap()).exp_time; } fn do_token_exchange(&mut self, auth_info: &mut AuthInfo, code: &str) { @@ -185,6 +197,17 @@ impl ZeroIDC { Ok(res) => { println!("hit url: {}", res.url().as_str()); println!("Status: {}", res.status()); + + let at = tok.access_token().secret(); + let exp = dangerous_insecure_decode::(&at); + if let Ok(e) = exp { + (*self.inner.lock().unwrap()).exp_time = e.claims.exp + } + + (*self.inner.lock().unwrap()).access_token = Some(tok.access_token().clone()); + if let Some(t) = tok.refresh_token() { + (*self.inner.lock().unwrap()).refresh_token = Some(t.clone()); + } }, Err(res) => { println!("hit url: {}", res.url().unwrap().as_str()); @@ -193,9 +216,6 @@ impl ZeroIDC { } } - let claims = (*self.inner.lock().unwrap()).oidc_client.as_ref().map(|c| { - - }); let access_token = tok.access_token(); println!("Access Token: {}", access_token.secret());
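Review bot: `dangerous_insecure_decode` in `do_token_exchange` reads `exp` from the access token without checking its signature, and an OAuth2 access token is not required to be a JWT at all, so `exp_time` is either an unauthenticated value or, when decoding fails, silently left at its previous value. Prefer an expiry the library has validated (the verified ID-token claims, or `expires_in()` from the token response); if the unverified read is kept, say so in a comment and reset `exp_time` on failure. The new code also takes the `inner` lock three separate times, so a reader can observe a new `exp_time` alongside the old tokens; one guard fixes that, as sketched below (the `Exp` type parameter is assumed from the struct added earlier in this file). The context line `println!("Access Token: {}", access_token.secret());` in the last hunk writes the bearer token to stdout and should be dropped now that the token is retained. `do_token_exchange` starts and ends outside these hunks.

```rust
// … unchanged: "hit url" / "Status" logging …

// One guard so exp_time and the tokens are updated together.
let mut inner = self.inner.lock().unwrap();
// NOTE: the signature is NOT verified; exp is informational only.
inner.exp_time = match dangerous_insecure_decode::<Exp>(tok.access_token().secret()) {
    Ok(data) => data.claims.exp,
    // Opaque or malformed token: report "unknown" instead of a stale value.
    Err(_) => 0,
};
inner.access_token = Some(tok.access_token().clone());
if let Some(t) = tok.refresh_token() {
    inner.refresh_token = Some(t.clone());
}
```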