diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go
index 2a8d2b801f3003ceac37dcbfb7a7991ff10e7bf7..e509304bdd155f21636eea398fa0635000e7dd91 100644
--- a/cmd/cashierd/main.go
+++ b/cmd/cashierd/main.go
@@ -14,7 +14,6 @@ import (
 	"net/http"
 	"os"
 	"strings"
-	"time"
 
 	"golang.org/x/oauth2"
 
@@ -133,11 +132,6 @@ func callbackHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int
 	if err := a.authsession.Authorize(a.authprovider, code); err != nil {
 		return http.StatusInternalServerError, err
 	}
-	// Github tokens don't have an expiry. Set one so that the session expires
-	// after a period.
-	if a.authsession.Token.Expiry.Unix() <= 0 {
-		a.authsession.Token.Expiry = time.Now().Add(1 * time.Hour)
-	}
 	a.setAuthCookie(w, r, a.authsession.Token)
 	http.Redirect(w, r, "/", http.StatusFound)
 	return http.StatusFound, nil
diff --git a/server/auth/github/github.go b/server/auth/github/github.go
index 192cd9d2573ec8f91d21ae7627fa8d1966f869ca..d7a57afc3d94c753b0f3860c56f0e876b95abdde 100644
--- a/server/auth/github/github.go
+++ b/server/auth/github/github.go
@@ -3,6 +3,7 @@ package github
 import (
 	"errors"
 	"net/http"
+	"time"
 
 	"github.com/nsheridan/cashier/server/auth"
 	"github.com/nsheridan/cashier/server/config"
@@ -83,7 +84,16 @@ func (c *Config) StartSession(state string) *auth.Session {
 
 // Exchange authorizes the session and returns an access token.
 func (c *Config) Exchange(code string) (*oauth2.Token, error) {
-	return c.config.Exchange(oauth2.NoContext, code)
+	t, err := c.config.Exchange(oauth2.NoContext, code)
+	if err != nil {
+		return nil, err
+	}
+	// Github tokens don't have an expiry. Set one so that the session expires
+	// after a period.
+	if t.Expiry.Unix() <= 0 {
+		t.Expiry = time.Now().Add(1 * time.Hour)
+	}
+	return t, nil
 }
 
 // Username retrieves the username portion of the user's email address.