diff --git a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h
index 12abc203c..a2cabb09f 100644
--- a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h
+++ b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.h
@@ -33,6 +33,7 @@ NS_ASSUME_NONNULL_BEGIN
  */
 API_UNAVAILABLE(macCatalyst)
 @interface OIDExternalUserAgentIOS : NSObject<OIDExternalUserAgent>
+@property(nonatomic, weak) UIViewController *_presentingViewController;
 
 - (null_unspecified instancetype)init API_AVAILABLE(ios(11))
     __deprecated_msg("This method will not work on iOS 13, use "
diff --git a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m
index 41d5fa1c0..66d24e7c3 100644
--- a/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m
+++ b/Sources/AppAuth/iOS/OIDExternalUserAgentIOS.m
@@ -42,7 +42,6 @@ @interface OIDExternalUserAgentIOS ()<SFSafariViewControllerDelegate>
 #endif
 
 @implementation OIDExternalUserAgentIOS {
-  UIViewController *_presentingViewController;
   BOOL _prefersEphemeralSession;
 
   BOOL _externalUserAgentFlowInProgress;
@@ -71,7 +70,7 @@ - (nullable instancetype)initWithPresentingViewController:
              @"presentingViewController cannot be nil on iOS 13");
 #endif // __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
     
-    _presentingViewController = presentingViewController;
+    self._presentingViewController = presentingViewController;
   }
   return self;
 }
@@ -166,12 +165,12 @@ - (BOOL)presentExternalUserAgentRequest:(id<OIDExternalUserAgentRequest>)request
   }
   // iOS 9 and 10, use SFSafariViewController
   if (@available(iOS 9.0, *)) {
-    if (!openedUserAgent && _presentingViewController) {
+    if (!openedUserAgent && self._presentingViewController) {
       SFSafariViewController *safariVC =
           [[SFSafariViewController alloc] initWithURL:requestURL];
       safariVC.delegate = self;
       _safariVC = safariVC;
-      [_presentingViewController presentViewController:safariVC animated:YES completion:nil];
+      [self._presentingViewController presentViewController:safariVC animated:YES completion:nil];
       openedUserAgent = YES;
     }
   }
@@ -251,7 +250,7 @@ - (void)safariViewControllerDidFinish:(SFSafariViewController *)controller NS_AV
 #pragma mark - ASWebAuthenticationPresentationContextProviding
 
 - (ASPresentationAnchor)presentationAnchorForWebAuthenticationSession:(ASWebAuthenticationSession *)session API_AVAILABLE(ios(13.0)){
-  return _presentingViewController.view.window;
+  return self._presentingViewController.view.window;
 }
 #endif // __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
 
diff --git a/Sources/AppAuthCore/OIDAuthState.h b/Sources/AppAuthCore/OIDAuthState.h
index 46c78a831..606e8723f 100644
--- a/Sources/AppAuthCore/OIDAuthState.h
+++ b/Sources/AppAuthCore/OIDAuthState.h
@@ -30,6 +30,13 @@
 
 NS_ASSUME_NONNULL_BEGIN
 
+#if DEBUG
+static const NSUInteger kExpiryTimeTolerance = 15;
+#else
+static const NSUInteger kExpiryTimeTolerance = 60;
+#endif
+
+
 /*! @brief Represents a block used to call an action with a fresh access token.
     @param accessToken A valid access token if available.
     @param idToken A valid ID token if available.
diff --git a/Sources/AppAuthCore/OIDAuthState.m b/Sources/AppAuthCore/OIDAuthState.m
index cb5a22a1e..7d692b1ae 100644
--- a/Sources/AppAuthCore/OIDAuthState.m
+++ b/Sources/AppAuthCore/OIDAuthState.m
@@ -57,7 +57,6 @@
 
 /*! @brief Number of seconds the access token is refreshed before it actually expires.
  */
-static const NSUInteger kExpiryTimeTolerance = 60;
 
 /*! @brief Object to hold OIDAuthState pending actions.
  */