diff --git a/scm-webapp/src/main/java/sonia/scm/security/DefaultJwtAccessTokenRefreshStrategy.java b/scm-webapp/src/main/java/sonia/scm/security/DefaultJwtAccessTokenRefreshStrategy.java
new file mode 100644
index 0000000000..266a327d44
--- /dev/null
+++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultJwtAccessTokenRefreshStrategy.java
@@ -0,0 +1,10 @@
+package sonia.scm.security;
+
+import sonia.scm.plugin.Extension;
+
+@Extension
+public class DefaultJwtAccessTokenRefreshStrategy extends PercentageJwtAccessTokenRefreshStrategy {
+  public DefaultJwtAccessTokenRefreshStrategy() {
+    super(0.5F);
+  }
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenRefreshStrategy.java b/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenRefreshStrategy.java
index 47d6a09285..f7f030d1f6 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenRefreshStrategy.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenRefreshStrategy.java
@@ -1,5 +1,8 @@
 package sonia.scm.security;
 
+import sonia.scm.plugin.ExtensionPoint;
+
+@ExtensionPoint
 public interface JwtAccessTokenRefreshStrategy {
   boolean shouldBeRefreshed(JwtAccessToken oldToken);
 }
diff --git a/scm-webapp/src/test/java/sonia/scm/security/PercentageJwtAccessTokenRefreshStrategyTest.java b/scm-webapp/src/test/java/sonia/scm/security/PercentageJwtAccessTokenRefreshStrategyTest.java
index e35823e445..2e1fa44a76 100644
--- a/scm-webapp/src/test/java/sonia/scm/security/PercentageJwtAccessTokenRefreshStrategyTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/PercentageJwtAccessTokenRefreshStrategyTest.java
@@ -47,15 +47,14 @@ public class PercentageJwtAccessTokenRefreshStrategyTest {
     when(creationClock.instant()).thenReturn(TOKEN_CREATION);
 
     tokenBuilder = new JwtAccessTokenBuilderFactory(keyGenerator, keyResolver, Collections.emptySet(), creationClock).create();
-    tokenBuilder
-      .refreshableFor(1, HOURS);
+    tokenBuilder.refreshableFor(1, HOURS);
 
     refreshStrategy = new PercentageJwtAccessTokenRefreshStrategy(refreshClock, 0.5F);
   }
 
   @Test
   public void shouldNotRefreshWhenTokenIsYoung() {
-    when(refreshClock.instant()).thenReturn(TOKEN_CREATION.plus(1, MINUTES));
+    when(refreshClock.instant()).thenReturn(TOKEN_CREATION.plus(29, MINUTES));
     assertThat(refreshStrategy.shouldBeRefreshed(tokenBuilder.build())).isFalse();
   }