diff --git a/backend-nest/src/config/configuration.ts b/backend-nest/src/config/configuration.ts
index ace7b8f..f521e16 100644
--- a/backend-nest/src/config/configuration.ts
+++ b/backend-nest/src/config/configuration.ts
@@ -9,7 +9,7 @@ export default () => ({
 },
 jwt: {
 secret: process.env.JWT_SECRET || 'change-me',
- accessExpirySeconds: parseInt(process.env.JWT_ACCESS_EXPIRY_SECONDS || '900', 10),
+ accessExpirySeconds: parseInt(process.env.JWT_ACCESS_EXPIRY_SECONDS || '14400', 10),
 refreshExpirySeconds: parseInt(process.env.JWT_REFRESH_EXPIRY_SECONDS || '604800', 10),
 },
 encryption: {
diff --git a/backend-nest/src/modules/auth/auth.service.ts b/backend-nest/src/modules/auth/auth.service.ts
index 579859b..779747e 100644
--- a/backend-nest/src/modules/auth/auth.service.ts
+++ b/backend-nest/src/modules/auth/auth.service.ts
@@ -161,22 +161,12 @@ export class AuthService {
 throw new UnauthorizedException('User not found');
 }
 
- // Generate new access token
- const accessToken = await this.jwtService.signAsync(
- {
- sub: user.id,
- email: user.email,
- username: user.username,
- is_super_admin: user.is_super_admin,
- },
- {
- secret: this.configService.get('jwt.secret'),
- expiresIn: this.configService.get('jwt.accessExpirySeconds') || 900,
- },
- );
+ // Generate new token pair (rotating refresh tokens)
+ const tokens = await this.generateTokens(user);
 
 return {
- access_token: accessToken,
+ access_token: tokens.access_token,
+ refresh_token: tokens.refresh_token,
 };
 } catch (error) {
 throw new UnauthorizedException('Invalid refresh token');
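Review bot: The new fallback `'14400'` for `accessExpirySeconds` in configuration.ts raises the default access-token lifetime from 15 minutes to 4 hours, so a leaked access token stays usable sixteen times longer, and nothing visible in this diff lets one be revoked before it expires. Because the auth.service.ts hunk now returns a fresh token pair on every refresh, a short access token costs clients little; I would keep `|| '900'` as the default and let deployments that need longer sessions set `JWT_ACCESS_EXPIRY_SECONDS` explicitly. If the longer default stays, record the trade-off next to it, e.g. `// 4 h default; a stolen access token stays valid this long unless revocation is added`. The unchanged `secret: process.env.JWT_SECRET || 'change-me'` line above makes this more pressing, since a deployment that forgets the variable signs these longer-lived tokens with a publicly known key.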
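Review bot: The new comment in auth.service.ts says "rotating refresh tokens", but the added lines only issue a second pair; nothing in the hunk retires the refresh token that was just presented. Unless `generateTokens` or the code above the hunk records and invalidates it (both lie outside the visible lines), the old token stays valid until it expires, and a copied token cannot be told apart from the legitimate one. Rotation only limits theft when each refresh token is single-use: keep an identifier per user (for example a `jti` claim or a hash of the token), reject any token whose identifier is no longer current, and treat reuse of a retired token as a reason to revoke that user's sessions. Until that exists, the comment should state the real guarantee, e.g. `// Issues a new access/refresh pair; the presented refresh token is NOT revoked here`. The surrounding `catch (error)` also reports any failure inside `generateTokens` as 'Invalid refresh token', so a signing or configuration fault would appear as a client error unless it is logged before rethrowing.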