diff --git a/lib/ash_authentication/generate_token_change.ex b/lib/ash_authentication/generate_token_change.ex
index 9543cef..b3ceffc 100644
--- a/lib/ash_authentication/generate_token_change.ex
+++ b/lib/ash_authentication/generate_token_change.ex
@@ -10,15 +10,32 @@ defmodule AshAuthentication.GenerateTokenChange do
   @doc false
   @impl true
   @spec change(Changeset.t(), keyword, Change.context()) :: Changeset.t()
-  def change(changeset, _opts, _) do
+  def change(changeset, options, context) do
     changeset
-    |> Changeset.after_action(fn _changeset, result ->
+    |> Changeset.after_action(fn changeset, result ->
+      {:ok, strategy} = Info.find_strategy(changeset, context, options)
+
       if Info.authentication_tokens_enabled?(result.__struct__) do
-        {:ok, token, _claims} = Jwt.token_for_user(result)
-        {:ok, %{result | __metadata__: Map.put(result.__metadata__, :token, token)}}
+        {:ok, generate_token(changeset.context[:token_type] || :user, result, strategy)}
       else
         {:ok, result}
       end
     end)
   end
+
+  defp generate_token(purpose, record, strategy)
+       when purpose in [:user, :sign_in] and is_integer(strategy.sign_in_token_lifetime) do
+    {:ok, token, _claims} =
+      Jwt.token_for_user(record, %{"purpose" => to_string(purpose)},
+        token_lifetime: strategy.sign_in_token_lifetime
+      )
+
+    Ash.Resource.put_metadata(record, :token, token)
+  end
+
+  defp generate_token(purpose, record, _strategy) do
+    {:ok, token, _claims} = Jwt.token_for_user(record, %{"purpose" => to_string(purpose)})
+
+    Ash.Resource.put_metadata(record, :token, token)
+  end
 end