diff --git a/pkg/auth/idp/oauth2/config.go b/pkg/auth/idp/oauth2/config.go
index 9b91c9a405..f726a1e730 100644
--- a/pkg/auth/idp/oauth2/config.go
+++ b/pkg/auth/idp/oauth2/config.go
@@ -20,9 +20,7 @@ package oauth2
 
 import (
 	"crypto/sha1"
-	"strconv"
 	"strings"
-	"time"
 
 	"github.com/minio/console/pkg/auth/token"
 	"github.com/minio/pkg/v2/env"
@@ -106,15 +104,3 @@ func getSaltForIDPHmac() string {
 func getIDPScopes() string {
 	return env.Get(ConsoleIDPScopes, "openid,profile,email")
 }
-
-// getIDPTokenExpiration return default token expiration for access token
-func getIDPTokenExpiration() time.Duration {
-	expiration := 12 * 3600
-	if expStr := env.Get(ConsoleIDPTokenExpiration, ""); expStr != "" {
-		if exp, err := strconv.Atoi(expStr); err == nil {
-			expiration = exp
-		}
-	}
-
-	return time.Duration(expiration) * time.Second
-}
diff --git a/pkg/auth/idp/oauth2/provider.go b/pkg/auth/idp/oauth2/provider.go
index d1d6494bf8..062eafa5c3 100644
--- a/pkg/auth/idp/oauth2/provider.go
+++ b/pkg/auth/idp/oauth2/provider.go
@@ -28,11 +28,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/minio/minio-go/v7/pkg/credentials"
-	"github.com/minio/minio-go/v7/pkg/set"
-
 	"github.com/minio/console/pkg/auth/token"
 	"github.com/minio/console/pkg/auth/utils"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/minio/minio-go/v7/pkg/set"
+	"github.com/minio/pkg/v2/env"
 	"golang.org/x/crypto/pbkdf2"
 	"golang.org/x/oauth2"
 	xoauth2 "golang.org/x/oauth2"
@@ -331,14 +331,18 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state, roleARN
 	}
 	client.RefreshToken = oauth2Token.RefreshToken
-	expiration := token.GetConsoleSTSDuration()
-	if exp := getIDPTokenExpiration(); exp > 0 {
-		expiration = exp
-	}
+	envStsDuration := env.Get(token.ConsoleSTSDuration, "")
+	stsDuration, err := time.ParseDuration(envStsDuration)
+
+	expiration := 12 * time.Hour
 
-	// Use the expiration configured in the token itself if it is closer than the configured value
-	if exp := oauth2Token.Expiry.Sub(time.Now().UTC()); exp < expiration {
-		expiration = exp
+	if err == nil && stsDuration > 0 {
+		expiration = stsDuration
+	} else {
+		// Use the expiration configured in the token itself if it is closer than the configured value
+		if exp := oauth2Token.Expiry.Sub(time.Now().UTC()); exp < expiration {
+			expiration = exp
+		}
 	}
 
 	// Minimum duration in S3 spec is 15 minutes, do not bother returning
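Review bot: The IdP access token's own expiry is no longer enforced once CONSOLE_STS_DURATION parses to a positive value — the `oauth2Token.Expiry.Sub(time.Now().UTC())` cap now lives only in the `else` branch, so a configured STS duration longer than the token's lifetime hands out console credentials that outlive the identity the IdP actually granted, whereas the removed lines applied that cap after the configured value in every case. Keep the configured value as the ceiling but always clamp to the token: replace `} else {` with `}` and move the `if exp := oauth2Token.Expiry.Sub(time.Now().UTC()); exp < expiration { expiration = exp }` check out of the else so it runs after either assignment. A smaller point: a malformed CONSOLE_STS_DURATION makes `time.ParseDuration` fail and silently falls back to the hard-coded 12h, which appears to re-implement whatever `token.GetConsoleSTSDuration()` (still called on the removed line) does with the same variable; logging the parse error, or continuing to go through the shared helper, avoids two parsers disagreeing about one setting. VerifyIdentity's body begins and ends outside this hunk, so I cannot confirm that the 15-minute minimum referenced below handles a zero or past `Expiry` (negative result from `Sub`) — presumably it clamps, but worth verifying for IdPs that omit expires_in.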