Yes. We do support this. The tokens that would be issued are JWTs. You can enable JWT support from our session recipe (in session.init). You can then create a new JWT (using the session recipe) with custom payload and custom lifetime in your API post session verification. You can return this JWT to the user as their personal access token.