diff --git a/src/main/java/de/thm/arsnova/controller/AuthenticationController.java b/src/main/java/de/thm/arsnova/controller/AuthenticationController.java
index 2b11b7380013fbd1290d303cdf2ef6219497c569..f7bb957e4b4ce8cf12411b3beb7db1f5fac60da3 100644
--- a/src/main/java/de/thm/arsnova/controller/AuthenticationController.java
+++ b/src/main/java/de/thm/arsnova/controller/AuthenticationController.java
@@ -4,6 +4,7 @@ import de.thm.arsnova.entities.ClientAuthentication;
 import de.thm.arsnova.entities.LoginCredentials;
 import de.thm.arsnova.entities.UserProfile;
 import de.thm.arsnova.services.UserService;
+import org.pac4j.core.client.Client;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -31,4 +32,17 @@ public class AuthenticationController {
 				UserProfile.AuthProvider.ARSNOVA);
 		return userService.getCurrentClientAuthentication();
 	}
+
+	@PostMapping("/login/guest")
+	public ClientAuthentication loginGuest() {
+		final ClientAuthentication currentAuthentication = userService.getCurrentClientAuthentication();
+		if (currentAuthentication != null
+				&& currentAuthentication.getAuthProvider() == UserProfile.AuthProvider.ARSNOVA_GUEST) {
+			return currentAuthentication;
+		}
+		userService.authenticate(new UsernamePasswordAuthenticationToken(null, null),
+				UserProfile.AuthProvider.ARSNOVA_GUEST);
+
+		return userService.getCurrentClientAuthentication();
+	}
 }
diff --git a/src/main/java/de/thm/arsnova/security/jwt/JwtService.java b/src/main/java/de/thm/arsnova/security/jwt/JwtService.java
index ee5bb47fffd51db137e57099bff9303f5e394207..e1f4b1d4099e74bdc3792164de6ea330a2c2f827 100644
--- a/src/main/java/de/thm/arsnova/security/jwt/JwtService.java
+++ b/src/main/java/de/thm/arsnova/security/jwt/JwtService.java
@@ -4,6 +4,7 @@ import com.auth0.jwt.JWT;
 import com.auth0.jwt.JWTVerifier;
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.interfaces.DecodedJWT;
+import de.thm.arsnova.entities.UserProfile;
 import de.thm.arsnova.security.User;
 import de.thm.arsnova.services.UserService;
 import org.springframework.beans.factory.annotation.Value;
@@ -27,7 +28,8 @@ public class JwtService {
 	private static final String ROLES_CLAIM_NAME = "roles";
 	private Algorithm algorithm;
 	private String serverId;
-	private TemporalAmount validityPeriod;
+	private TemporalAmount defaultValidityPeriod;
+	private TemporalAmount guestValidityPeriod;
 	private JWTVerifier verifier;
 	private UserService userService;
 
@@ -35,15 +37,16 @@ public class JwtService {
 			final UserService userService,
 			@Value("${" + CONFIG_PREFIX + "secret}") final String secret,
 			@Value("${" + CONFIG_PREFIX + "serverId}") final String serverId,
-			@Value("${" + CONFIG_PREFIX + "validity-period}") final String validityPeriod)
+			@Value("${" + CONFIG_PREFIX + "validity-period}") final String defaultValidityPeriod)
 			throws UnsupportedEncodingException {
 		this.userService = userService;
 		this.serverId = serverId;
 		try {
-			this.validityPeriod = Duration.parse("P" + validityPeriod);
+			this.defaultValidityPeriod = Duration.parse("P" + defaultValidityPeriod);
 		} catch (Exception e) {
-			throw new IllegalArgumentException(validityPeriod, e);
+			throw new IllegalArgumentException(defaultValidityPeriod, e);
 		}
+		guestValidityPeriod = Duration.parse("P180D");
 		algorithm = Algorithm.HMAC256(secret);
 		verifier = JWT.require(algorithm)
 				.withAudience(serverId)
@@ -55,11 +58,13 @@ public class JwtService {
 				.map(ga -> ga.getAuthority())
 				.filter(ga -> ga.startsWith(ROLE_PREFIX))
 				.map(ga -> ga.substring(ROLE_PREFIX.length())).toArray(String[]::new);
+		final TemporalAmount expiresAt = user.getAuthProvider() == UserProfile.AuthProvider.ARSNOVA_GUEST
+				? guestValidityPeriod : defaultValidityPeriod;
 		return JWT.create()
 				.withIssuer(serverId)
 				.withAudience(serverId)
 				.withIssuedAt(new Date())
-				.withExpiresAt(Date.from(LocalDateTime.now().plus(validityPeriod).toInstant(ZoneOffset.UTC)))
+				.withExpiresAt(Date.from(LocalDateTime.now().plus(expiresAt).toInstant(ZoneOffset.UTC)))
 				.withSubject(user.getId())
 				.withArrayClaim(ROLES_CLAIM_NAME, roles)
 				.sign(algorithm);