diff --git a/api/rpc/perms/permissions.go b/api/rpc/perms/permissions.go
index 60ba33c534..8a72e21676 100644
--- a/api/rpc/perms/permissions.go
+++ b/api/rpc/perms/permissions.go
@@ -33,20 +33,7 @@ func (j *JWTPayload) MarshalBinary() (data []byte, err error) {
 // NewTokenWithPerms generates and signs a new JWT token with the given secret
 // and given permissions.
 func NewTokenWithPerms(signer jwt.Signer, perms []auth.Permission) ([]byte, error) {
-	nonce := make([]byte, 32)
-	if _, err := rand.Read(nonce); err != nil {
-		return nil, err
-	}
-
-	p := &JWTPayload{
-		Allow: perms,
-		Nonce: nonce,
-	}
-	token, err := jwt.NewBuilder(signer).Build(p)
-	if err != nil {
-		return nil, err
-	}
-	return token.Bytes(), nil
+	return NewTokenWithTTL(signer, perms, 0)
 }
 
 // NewTokenWithTTL generates and signs a new JWT token with the given secret
diff --git a/cmd/auth.go b/cmd/auth.go
index 74ad0319f8..2f4fa37d38 100644
--- a/cmd/auth.go
+++ b/cmd/auth.go
@@ -20,6 +20,8 @@ import (
 	nodemod "github.com/celestiaorg/celestia-node/nodebuilder/node"
 )
 
+var ttlFlagName = "ttl"
+
 func AuthCmd(fsets ...*flag.FlagSet) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "auth [permission-level (e.g. read || write || admin)]",
@@ -35,7 +37,10 @@ func AuthCmd(fsets ...*flag.FlagSet) *cobra.Command {
 				return err
 			}
 
-			ttl, _ := cmd.Flags().GetDuration("ttl")
+			ttl, err := cmd.Flags().GetDuration(ttlFlagName)
+			if err != nil {
+				return err
+			}
 
 			ks, err := newKeystore(StorePath(cmd.Context()))
 			if err != nil {
@@ -65,6 +70,8 @@ func AuthCmd(fsets ...*flag.FlagSet) *cobra.Command {
 	for _, set := range fsets {
 		cmd.Flags().AddFlagSet(set)
 	}
+	cmd.Flags().Duration(ttlFlagName, 0, "Set a Time-to-live (TTL) for the token")
+
 	return cmd
 }