diff --git a/flaschengeist/modules/auth/__init__.py b/flaschengeist/modules/auth/__init__.py
index 1559465..bfd7f21 100644
--- a/flaschengeist/modules/auth/__init__.py
+++ b/flaschengeist/modules/auth/__init__.py
@@ -33,13 +33,13 @@ def _logout(**kwargs):
 logger.debug("accesstoken is {{ {} }}".format(accToken))
 logger.debug("delete accesstoken")
 accesTokenController.deleteAccessToken(accToken)
+ accesTokenController.clearExpired()
 logger.info("return ok logout user")
 return jsonify({"ok": "ok"})
 except Exception as err:
 logger.warning("exception in logout user.", exc_info=True)
 return jsonify({"error": str(err)}), 500
-
 @auth_bp.route("/login", methods=['POST'])
 def _login():
 """ Login User
@@ -65,7 +65,7 @@ def _login():
 logger.debug("accesstoken is {{ {} }}".format(token))
 logger.debug("validate accesstoken")
 dic = user.toJSON()
- dic["token"] = token
+ dic["accessToken"] = token
 logger.info("User {{ {} }} success login.".format(username))
 logger.debug("return login {{ {} }}".format(dic))
 return jsonify(dic)
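Review bot: `accesTokenController.clearExpired()` runs inside the same `try` as the token deletion, so if the cleanup raises after `deleteAccessToken(accToken)` has succeeded, the client gets the 500 response even though its token is already gone. Guard the cleanup on its own, for example `try: accesTokenController.clearExpired()` with `except Exception: logger.warning("clearExpired failed", exc_info=True)`, so housekeeping cannot fail a logout. The handler's `except` also returns `str(err)` to the caller, which would then expose the cleanup's internal error text. `_logout` starts above the hunk.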
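Review bot: The dictionary that now carries the bearer token under `accessToken` is written to the log two lines later by `logger.debug("return login {{ {} }}".format(dic))`, and the token itself is logged at the top of the hunk, so anyone who can read debug logs can replay a session. Log the username instead, e.g. `logger.debug("return login for user {{ {} }}".format(username))`, and drop the token from the earlier debug line. The key rename also changes the response shape, so clients that still read `token` need updating in the same change; none are visible in this hunk. `_login` starts above the hunk.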
@@ -75,3 +75,52 @@ def _login():
 except Exception as err:
 logger.error("exception in login.", exc_info=True)
 return jsonify({"error": "permission denied"}), 401
+
+@auth_bp.route("/user/getAccessTokens", methods=['GET', 'POST'])
+@login_required()
+def _getAccessTokens(**kwargs):
+ try:
+ if request.method == 'POST':
+ data = request.get_json()
+ accesTokenController.deleteAccessToken(accToken)
+ delAccToken = AccessToken(data['id'], kwargs['accToken'].user, None, None, None)
+ accesTokenController.deleteAccessToken(delAccToken)
+ tokens = accesTokenController.getAccessTokensFromUser(kwargs['accToken'].user)
+ r = [t.toJSON() for t in tokens]
+ logger.debug("return {{ {} }}".format(r))
+ return jsonify(r)
+ except Exception as err:
+ logger.debug("exception", exc_info=True)
+ return jsonify({"error": str(err)}), 500
+
+@auth_bp.route("/getLifetime", methods=['GET'])
+@login_required()
+def _getLifeTime(**kwargs):
+ try:
+ logger.debug("get lifetime of accesstoken")
+ accToken = kwargs['accToken']
+ logger.debug("accessToken is {{ {} }}".format(accToken))
+ return jsonify({"value": accToken.lifetime})
+ except Exception as err:
+ logger.warning("exception in get lifetime of accesstoken.", exc_info=True)
+ return jsonify({"error": str(err)}), 500
+
+@auth_bp.route("/setLifetime", methods=['POST'])
+@login_required()
+def _saveLifeTime(**kwargs):
+ try:
+ accToken = kwargs['accToken']
+ logger.debug("save lifetime for accessToken {{ {} }}".format(accToken))
+ data = request.get_json()
+ lifetime = data['value']
+ logger.debug("lifetime is {{ {} }}".format(lifetime))
+ logger.info("set lifetime {{ {} }} to accesstoken {{ {} }}".format(
+ lifetime, accToken))
+ accToken.lifetime = lifetime
+ logger.info("update accesstoken timestamp")
+ accToken = accesTokenController.updateAccessToken(accToken)
+ return jsonify({"value": accToken.lifetime })
+ except Exception as err:
+ logger.warning(
+ "exception in save lifetime for accesstoken.", exc_info=True)
+ return jsonify({"error": str(err)}), 500
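Review bot: In `_getAccessTokens` the POST branch calls `accesTokenController.deleteAccessToken(accToken)`, but this function binds no `accToken` (only `kwargs['accToken']`), so unless a module-level name exists outside the hunk every delete request raises NameError and ends in the 500 handler; the line looks like a leftover and should be removed. In `_saveLifeTime`, `data['value']` is stored as the token lifetime with no type or range check, so any authenticated client, or anyone holding a stolen token, can set an arbitrarily long lifetime. Validate it as a bounded integer before assigning, as sketched below, where the upper bound is a placeholder for the project's policy. All three handlers also return `str(err)` to the caller, which exposes internal exception text; a fixed message would be safer.

```python
# … unchanged: accToken lookup and debug logging …
data = request.get_json(silent=True) or {}
lifetime = data.get('value')
# MAX_LIFETIME is a placeholder for the project's configured upper bound
if isinstance(lifetime, bool) or not isinstance(lifetime, int):
    return jsonify({"error": "invalid lifetime"}), 400
if not 0 < lifetime <= MAX_LIFETIME:
    return jsonify({"error": "invalid lifetime"}), 400
accToken.lifetime = lifetime
# … unchanged: updateAccessToken call and response …
```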