Index: finkwave/src/main/java/com/ukim/finki/develop/finkwave/config/AuthProperties.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/config/AuthProperties.java	(revision 335fee09ec53515e4deaae77aa426bd9c68c3ee0)
+++ finkwave/src/main/java/com/ukim/finki/develop/finkwave/config/AuthProperties.java	(revision 335fee09ec53515e4deaae77aa426bd9c68c3ee0)
@@ -0,0 +1,15 @@
+package com.ukim.finki.develop.finkwave.config;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@Getter @Setter
+@ConfigurationProperties(prefix = "auth")
+public class AuthProperties {
+    private String secret;
+    private int accessTokenMaxAge;
+    private int refreshTokenMaxAge;
+}
Index: nkwave/src/main/java/com/ukim/finki/develop/finkwave/config/JwtProperties.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/config/JwtProperties.java	(revision 62acea220ac64f2424e733a4cedb1219c67bcc55)
+++ 	(revision )
@@ -1,14 +1,0 @@
-//package com.ukim.finki.develop.finkwave.config;
-//
-//import lombok.Getter;
-//import lombok.Setter;
-//import org.springframework.boot.context.properties.ConfigurationProperties;
-//import org.springframework.context.annotation.Configuration;
-//
-//@Configuration
-//@Getter @Setter
-//@ConfigurationProperties(prefix = "jwt")
-//public class JwtProperties {
-//    private String secret;
-//    private long expirationMs;
-//}
Index: finkwave/src/main/java/com/ukim/finki/develop/finkwave/controller/AuthController.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/controller/AuthController.java	(revision 62acea220ac64f2424e733a4cedb1219c67bcc55)
+++ finkwave/src/main/java/com/ukim/finki/develop/finkwave/controller/AuthController.java	(revision 335fee09ec53515e4deaae77aa426bd9c68c3ee0)
@@ -3,4 +3,5 @@
 import java.util.Map;
 
+import com.ukim.finki.develop.finkwave.config.AuthProperties;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -28,6 +29,5 @@
 @RequiredArgsConstructor
 public class AuthController {
-    // todo: read from config
-    private final int accessTokenMaxAge = 900;
+    private final AuthProperties authProperties;
     private final AuthService authService;
 
@@ -40,5 +40,5 @@
             return ResponseEntity.ok(Map.of(
                     "user", userResponseDto,
-                    "tokenExpiresIn", accessTokenMaxAge
+                    "tokenExpiresIn", authProperties.getAccessTokenMaxAge()
             ));
         } catch (Exception e){
@@ -57,5 +57,5 @@
             return ResponseEntity.ok(Map.of(
                     "user", userResponseDto,
-                    "tokenExpiresIn", accessTokenMaxAge
+                    "tokenExpiresIn", authProperties.getAccessTokenMaxAge()
                     )
             );
@@ -77,5 +77,5 @@
         authService.refreshAccessTokenAndAddCookie(httpServletResponse, refreshToken);
         return ResponseEntity.ok(Map.of(
-                "tokenExpiresIn", accessTokenMaxAge
+                "tokenExpiresIn", authProperties.getAccessTokenMaxAge()
         ));
     }
@@ -102,5 +102,5 @@
         UserResponseDto userDto = authService.getUserDtoByUsername(username);
         return ResponseEntity.ok(Map.of(
-                "tokenExpiresIn", accessTokenMaxAge,
+                "tokenExpiresIn", authProperties.getAccessTokenMaxAge(),
                 "user", userDto
         ));
Index: finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/AuthService.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/AuthService.java	(revision 62acea220ac64f2424e733a4cedb1219c67bcc55)
+++ finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/AuthService.java	(revision 335fee09ec53515e4deaae77aa426bd9c68c3ee0)
@@ -1,4 +1,5 @@
 package com.ukim.finki.develop.finkwave.service;
 
+import com.ukim.finki.develop.finkwave.config.AuthProperties;
 import com.ukim.finki.develop.finkwave.dto.LoginRequestDto;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -26,6 +27,5 @@
     private final JwtService jwtService;
     private final RefreshTokenService refreshTokenService;
-    private final int accessTokenMaxAge = 900;
-    private final int refreshTokenMaxAge = 10 * 24 * 60 * 60;
+    private final AuthProperties authProperties;
 
 
@@ -81,5 +81,5 @@
         accessCookie.setSecure(false);
         accessCookie.setPath("/");
-        accessCookie.setMaxAge(accessTokenMaxAge);
+        accessCookie.setMaxAge(authProperties.getAccessTokenMaxAge());
         response.addCookie(accessCookie);
     }
@@ -127,5 +127,5 @@
         refreshCookie.setSecure(false);
         refreshCookie.setPath("/");
-        refreshCookie.setMaxAge(refreshTokenMaxAge);
+        refreshCookie.setMaxAge(authProperties.getRefreshTokenMaxAge());
         response.addCookie(refreshCookie);
 
Index: finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/CustomUserDetailsService.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/CustomUserDetailsService.java	(revision 62acea220ac64f2424e733a4cedb1219c67bcc55)
+++ finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/CustomUserDetailsService.java	(revision 335fee09ec53515e4deaae77aa426bd9c68c3ee0)
@@ -22,5 +22,6 @@
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new RuntimeException("user not found"));
-//        List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_" + user.getRole().name()));
+        // todo: fix hardcoded role
+        // List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_" + user.getRole().name()));
         List<GrantedAuthority> authorities = List.of(new SimpleGrantedAuthority("ROLE_NONADMIN"));
         return new org.springframework.security.core.userdetails.User(
Index: finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/JwtService.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/JwtService.java	(revision 62acea220ac64f2424e733a4cedb1219c67bcc55)
+++ finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/JwtService.java	(revision 335fee09ec53515e4deaae77aa426bd9c68c3ee0)
@@ -1,7 +1,10 @@
 package com.ukim.finki.develop.finkwave.service;
 
+import com.ukim.finki.develop.finkwave.config.AuthProperties;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.security.Keys;
+import lombok.RequiredArgsConstructor;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
@@ -11,16 +14,14 @@
 
 @Service
+@RequiredArgsConstructor
 public class JwtService {
-    // todo: read from config
-    private final int accessTokenMaxAge = 900; // 900s - 15min
-    // todo: replace hardcoded secret
-    private final String secretKey = "very-really-extremely-secret-key-123";
+    private final AuthProperties authProperties;
 
     public String generateToken(String username, String role){
-        SecretKey key = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));
+        SecretKey key = Keys.hmacShaKeyFor(authProperties.getSecret().getBytes(StandardCharsets.UTF_8));
         return Jwts.builder()
                 .setSubject(username)
                 .claim("role", "ROLE_" + role)
-                .setExpiration(new Date(System.currentTimeMillis() + (long) accessTokenMaxAge * 1000))
+                .setExpiration(new Date(System.currentTimeMillis() + (long) authProperties.getAccessTokenMaxAge() * 1000))
                 .signWith(key)
                 .compact();
@@ -28,5 +29,5 @@
 
     public Claims extractClaims(String token){
-        SecretKey key = Keys.hmacShaKeyFor(secretKey.getBytes(StandardCharsets.UTF_8));
+        SecretKey key = Keys.hmacShaKeyFor(authProperties.getSecret().getBytes(StandardCharsets.UTF_8));
         return Jwts.parserBuilder()
                 .setSigningKey(key)
Index: finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/RefreshTokenService.java
===================================================================
--- finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/RefreshTokenService.java	(revision 62acea220ac64f2424e733a4cedb1219c67bcc55)
+++ finkwave/src/main/java/com/ukim/finki/develop/finkwave/service/RefreshTokenService.java	(revision 335fee09ec53515e4deaae77aa426bd9c68c3ee0)
@@ -1,4 +1,5 @@
 package com.ukim.finki.develop.finkwave.service;
 
+import com.ukim.finki.develop.finkwave.config.AuthProperties;
 import com.ukim.finki.develop.finkwave.model.RefreshToken;
 import com.ukim.finki.develop.finkwave.model.User;
@@ -16,4 +17,5 @@
 public class RefreshTokenService {
     private final RefreshTokenRepository refreshTokenRepository;
+    private final AuthProperties authProperties;
 
     public RefreshToken createRefreshToken(User user){
@@ -21,5 +23,5 @@
         refreshToken.setUser(user);
         refreshToken.setToken(UUID.randomUUID().toString());
-        refreshToken.setExpiresAt(Instant.now().plus(14, ChronoUnit.DAYS));
+        refreshToken.setExpiresAt(Instant.now().plus(authProperties.getRefreshTokenMaxAge(), ChronoUnit.SECONDS));
         return refreshTokenRepository.save(refreshToken);
     }
Index: finkwave/src/main/resources/application-example.properties
===================================================================
--- finkwave/src/main/resources/application-example.properties	(revision 62acea220ac64f2424e733a4cedb1219c67bcc55)
+++ finkwave/src/main/resources/application-example.properties	(revision 335fee09ec53515e4deaae77aa426bd9c68c3ee0)
@@ -5,2 +5,10 @@
 spring.datasource.password=x
 spring.datasource.hikari.schema=x
+
+auth.secret=x
+
+# 15 minutes
+auth.access-token-max-age=900
+
+# 10 days = 10 * 24 * 60 * 60
+auth.refresh-token-max-age=864000
