diff --git a/src/WalletFramework.Core/Cryptography/Abstractions/IKeyStore.cs b/src/WalletFramework.Core/Cryptography/Abstractions/IKeyStore.cs
index 903380ed..f53e4de2 100644
--- a/src/WalletFramework.Core/Cryptography/Abstractions/IKeyStore.cs
+++ b/src/WalletFramework.Core/Cryptography/Abstractions/IKeyStore.cs
@@ -13,8 +13,9 @@ public interface IKeyStore
 /// Asynchronously generates a key for the specified algorithm and returns the key identifier.
 ///
 /// The algorithm for key generation (default is "ES256").
+ /// If false creates an ephemeral key.
 /// A representing the generated key's identifier as a string.
- Task GenerateKey(string alg = "ES256");
+ Task GenerateKey(string alg = "ES256", bool isPermanent = true);
 ///
 /// Asynchronously loads a key by its identifier and returns it as a JSON Web Key (JWK) containing the public key
diff --git a/src/WalletFramework.Oid4Vc/Oid4Vci/Authorization/Implementations/TokenService.cs b/src/WalletFramework.Oid4Vc/Oid4Vci/Authorization/Implementations/TokenService.cs
index b3f66633..1247a90a 100644
--- a/src/WalletFramework.Oid4Vc/Oid4Vci/Authorization/Implementations/TokenService.cs
+++ b/src/WalletFramework.Oid4Vc/Oid4Vci/Authorization/Implementations/TokenService.cs
@@ -30,7 +30,7 @@ public async Task> RequestToken(
 {
 if (metadata.IsDPoPSupported)
 {
- var keyId = await _keyStore.GenerateKey();
+ var keyId = await _keyStore.GenerateKey(isPermanent: false);
 var config = new DPopConfig(keyId, metadata.TokenEndpoint);
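Review bot: The doc line added for `isPermanent` ("If false creates an ephemeral key.") does not say what ephemeral means for a key store: where the key material is held, when it is destroyed, and whether the returned key id still works with the other members of the interface (the next one visible loads a key by its identifier). Callers that pass `false` for a security-sensitive key need that contract, so I would spell it out, for example `/// When false, the key is ephemeral: <storage location>, <lifetime>, <who deletes it>.` with the placeholders filled in from the implementation. Adding a parameter to an interface method also forces every `IKeyStore` implementer to change its signature; no implementation is visible in this diff, so confirm they were updated and keep `true` as the default. The interface body continues outside the hunk.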
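Review bot: The key created with `isPermanent: false` is handed to `DPopConfig`, but nothing visible here states how long it has to live or where it is removed. A DPoP-bound access token is only usable with proofs signed by the same key (RFC 9449), so the ephemeral key must survive until the last request that presents the token and should be deleted once the token is no longer used; whether either happens is not shown in the hunk. I would add a comment at the call such as `// Ephemeral DPoP key: must outlive the bound access token and be deleted afterwards`, and check that no later step tries to load the key after it is gone. `RequestToken` begins and ends outside the hunk.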