diff --git a/test/integration/client_test.go b/test/integration/client_test.go
index 690d0ec3..2b18f170 100644
--- a/test/integration/client_test.go
+++ b/test/integration/client_test.go
@@ -67,6 +67,8 @@ func TestClient(t *testing.T) {
 	clientConfig := library.NewClientConfig(t)
 	resp, err := client.ExchangeToken(ctx, tmcClusterToken, string(clientConfig.CAData), clientConfig.Host)
 	require.NoError(t, err)
+	require.NotNil(t, resp.ExpirationTimestamp)
+	require.InDelta(t, time.Until(*resp.ExpirationTimestamp), 1*time.Hour, float64(5*time.Second))
 
 	// Create a client using the certificate and key returned by the token exchange.
 	validClient := library.NewClientsetWithConfig(t, library.NewClientConfigWithCertAndKey(t, resp.ClientCertificateData, resp.ClientKeyData))
diff --git a/test/integration/loginrequest_test.go b/test/integration/loginrequest_test.go
index ca13b642..69abb0f5 100644
--- a/test/integration/loginrequest_test.go
+++ b/test/integration/loginrequest_test.go
@@ -55,7 +55,8 @@ func TestSuccessfulLoginRequest(t *testing.T) {
 	require.Empty(t, response.Status.Credential.Token)
 	require.NotEmpty(t, response.Status.Credential.ClientCertificateData)
 	require.NotEmpty(t, response.Status.Credential.ClientKeyData)
-	require.Nil(t, response.Status.Credential.ExpirationTimestamp)
+	require.NotNil(t, response.Status.Credential.ExpirationTimestamp)
+	require.InDelta(t, time.Until(response.Status.Credential.ExpirationTimestamp.Time), 1*time.Hour, float64(5*time.Second))
 	require.NotNil(t, response.Status.User)
 	require.NotEmpty(t, response.Status.User.Name)
 	require.Contains(t, response.Status.User.Groups, "tmc:member")