
kenprogrammer

Sanctum Token Expiry

I've updated this value 'expiration' => 36000, in sanctum.php so that tokens can expire after the specified period, but when I check the personal_access_tokens table after a successful login, the expires_at column is still NULL.

Am I missing something?

0 likes
2 replies
vincent15000

By default the createToken method sets the expires_at column to null if you don't specify any value.

Here is the method from the HasApiTokens trait from Sanctum.

public function createToken(string $name, array $abilities = ['*'], DateTimeInterface $expiresAt = null)
{
    $token = $this->tokens()->create([
        'name' => $name,
        'token' => hash('sha256', $plainTextToken = Str::random(40)),
        'abilities' => $abilities,
        'expires_at' => $expiresAt,
    ]);

    return new NewAccessToken($token, $token->getKey().'|'.$plainTextToken);
}

Furthermore you can see that the expiration key in the configuration file doesn't impact the first-party sessions.

This won't tweak the lifetime of first-party sessions.

/*
|--------------------------------------------------------------------------
| Expiration Minutes
|--------------------------------------------------------------------------
|
| This value controls the number of minutes until an issued token will be
| considered expired. If this value is null, personal access tokens do
| not expire. This won't tweak the lifetime of first-party sessions.
|
*/

'expiration' => null,
1 like
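
An added example, not part of the thread and not Sanctum's own source: a plain-PHP model of why a NULL expires_at can coexist with a configured expiration. It assumes Sanctum's guard checks the `expiration` config against created_at on each request and checks expires_at separately; `tokenIsValid` and the timestamps are hypothetical.

```php
<?php
// Added illustration, not Sanctum source. tokenIsValid() is a hypothetical
// name modelling two independent expiry checks assumed to run per request.

function tokenIsValid(
    DateTimeImmutable $createdAt,    // personal_access_tokens.created_at
    ?DateTimeImmutable $expiresAt,   // personal_access_tokens.expires_at
    ?int $expirationMinutes,         // config('sanctum.expiration'), in minutes
    DateTimeImmutable $now
): bool {
    // Check 1: global config, counted in MINUTES from created_at.
    // Nothing is written to the expires_at column for this check.
    if ($expirationMinutes !== null) {
        $deadline = $createdAt->modify("+{$expirationMinutes} minutes");
        if ($now >= $deadline) {
            return false;
        }
    }
    // Check 2: per-token expires_at, populated only when a value is
    // passed as the third argument of createToken().
    if ($expiresAt !== null && $now > $expiresAt) {
        return false;
    }
    return true;
}

// Constructed sample data: one token created at a fixed instant.
$created = new DateTimeImmutable('2024-01-01 00:00:00 UTC');
$cases = [
    // label => [expires_at, config minutes, time of request]
    'NULL column, 36000 min config, day 24' => [null, 36000, '+24 days'],
    'NULL column, 36000 min config, day 26' => [null, 36000, '+26 days'],
    'expires_at +1h, null config, hour 2'   => ['+1 hour', null, '+2 hours'],
    'NULL column, null config, year 5'      => [null, null, '+5 years'],
];

foreach ($cases as $label => [$exp, $minutes, $at]) {
    $expiresAt = $exp === null ? null : $created->modify($exp);
    $valid = tokenIsValid($created, $expiresAt, $minutes, $created->modify($at));
    printf("%-40s %s\n", $label, $valid ? 'valid' : 'expired');
}

// Inside a Laravel app, the column is filled by passing the expiry explicitly:
//   $user->createToken('api', ['*'], now()->addMinutes(config('sanctum.expiration')));
```

Note that 36000 minutes is 25 days; the last case shows that with both values NULL the token never expires.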
