diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 4a0dc901e6639897d87424054f27e45af886b36d..dcf2c81ca65bfc27b143adf6f0044c1770861e8d 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -35,6 +35,7 @@ Fixed
 ~~~~~
 
 * Celery's logging did not honour Django's logging level
+* Automatically clean up expired OAuth tokens after 24 hourse
 
 `2.10.1`_ - 2022-07-24
 ----------------------
diff --git a/aleksis/core/settings.py b/aleksis/core/settings.py
index 3313076e8d2649bbbc0fa885e59ea9c5d84dcf62..913813f34371bf4acf7106327530db1e3e96aa4c 100644
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -400,6 +400,7 @@ OAUTH2_PROVIDER = {
     "SCOPES_BACKEND_CLASS": "aleksis.core.util.auth_helpers.AppScopes",
     "OAUTH2_VALIDATOR_CLASS": "aleksis.core.util.auth_helpers.CustomOAuth2Validator",
     "OIDC_ENABLED": True,
+    "REFRESH_TOKEN_EXPIRE_SECONDS": _settings.get("oauth2.token_expiry", 86400),
 }
 OAUTH2_PROVIDER_APPLICATION_MODEL = "core.OAuthApplication"
 OAUTH2_PROVIDER_GRANT_MODEL = "core.OAuthGrant"