diff --git a/src/main/java/org/commonjava/service/metadata/client/util/CustomClientRequestFilter.java b/src/main/java/org/commonjava/service/metadata/client/util/CustomClientRequestFilter.java
index b4bf3b7..3e7148b 100644
--- a/src/main/java/org/commonjava/service/metadata/client/util/CustomClientRequestFilter.java
+++ b/src/main/java/org/commonjava/service/metadata/client/util/CustomClientRequestFilter.java
@@ -29,6 +29,8 @@
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.ext.Provider;
 
+import java.time.Duration;
+
 @Provider
 @Priority(Priorities.AUTHENTICATION)
 public class CustomClientRequestFilter implements ClientRequestFilter
@@ -51,7 +53,7 @@ public void filter( ClientRequestContext requestContext )
             if ( tokens == null || tokens.isAccessTokenExpired() )
             {
                 logger.debug("Security enabled, get oidc Tokens");
-                tokens = client.getTokens().await().indefinitely();
+                tokens = client.getTokens().await().atMost( Duration.ofSeconds( 30 ) );
             }
             requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, "Bearer " + tokens.getAccessToken());
         }