It would be more convenient to be able to define token expiration because a token would be used in an app, and we would like to replace it only when it is compromised, which we would like to cancel that token as well.