diff --git a/lms/djangoapps/commerce/tests/__init__.py b/lms/djangoapps/commerce/tests/__init__.py
index 74a82d36a8..f5cdf46342 100644
--- a/lms/djangoapps/commerce/tests/__init__.py
+++ b/lms/djangoapps/commerce/tests/__init__.py
@@ -45,7 +45,7 @@ class EdxRestApiClientTest(TestCase):
 @httpretty.activate
 @freeze_time('2015-7-2')
- @override_settings(JWT_ISSUER='http://example.com/oauth', JWT_EXPIRATION=30)
+ @override_settings(JWT_AUTH={'JWT_ISSUER': 'http://example.com/oauth', 'JWT_EXPIRATION': 30})
 def test_tracking_context(self):
 """
 Ensure the tracking context is set up in the api client correctly and
@@ -71,8 +71,8 @@ class EdxRestApiClientTest(TestCase):
 'username': self.user.username,
 'full_name': self.user.profile.name,
 'email': self.user.email,
- 'iss': settings.JWT_ISSUER,
- 'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.JWT_EXPIRATION),
+ 'iss': settings.JWT_AUTH['JWT_ISSUER'],
+ 'exp': datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.JWT_AUTH['JWT_EXPIRATION']),
 'tracking_context': {
 'lms_user_id': self.user.id, # pylint: disable=no-member
 'lms_client_id': self.TEST_CLIENT_ID,
diff --git a/lms/djangoapps/oauth_dispatch/views.py b/lms/djangoapps/oauth_dispatch/views.py
index 0a62a0c80f..6936a6cd0f 100644
--- a/lms/djangoapps/oauth_dispatch/views.py
+++ b/lms/djangoapps/oauth_dispatch/views.py
@@ -16,6 +16,8 @@ from django.views.generic import View
 from edx_oauth2_provider import views as dop_views # django-oauth2-provider views
 from oauth2_provider import models as dot_models, views as dot_views # django-oauth-toolkit
+from openedx.core.djangoapps.theming import helpers
+
 from . import adapters
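Review bot: In `lms/djangoapps/commerce/tests/__init__.py`, the new `@override_settings(JWT_AUTH={...})` on `test_tracking_context` replaces the whole `JWT_AUTH` dict instead of two keys, so every other entry (`JWT_SECRET_KEY`, `JWT_ALGORITHM`, `JWT_AUDIENCE`, which `oauth_dispatch/views.py` reads in this same commit) is absent while the test runs. The test stays green only as long as nothing on its path touches those keys. Overlaying the two values on the configured dict keeps the rest intact; `settings` is already used in this module, so something like `@override_settings(JWT_AUTH=dict(settings.JWT_AUTH, JWT_ISSUER='http://example.com/oauth', JWT_EXPIRATION=30))` should work, provided settings are loaded when the class body is evaluated.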
@@ -121,10 +123,10 @@ class AccessTokenView(_DispatchingView):
 def _generate_jwt(self, user, scopes, expires_in):
 """ Returns a JWT access token. """
 now = int(time())
-
+ jwt_auth = helpers.get_value("JWT_AUTH", settings.JWT_AUTH)
 payload = {
- 'iss': settings.JWT_AUTH['JWT_ISSUER'],
- 'aud': settings.JWT_AUTH['JWT_AUDIENCE'],
+ 'iss': jwt_auth['JWT_ISSUER'],
+ 'aud': jwt_auth['JWT_AUDIENCE'],
 'exp': now + expires_in,
 'iat': now,
 'preferred_username': user.username,
@@ -136,8 +138,8 @@ class AccessTokenView(_DispatchingView):
 if handler:
 handler(payload, user)
- secret = settings.JWT_AUTH['JWT_SECRET_KEY']
- token = jwt.encode(payload, secret, algorithm=settings.JWT_AUTH['JWT_ALGORITHM'])
+ secret = jwt_auth['JWT_SECRET_KEY']
+ token = jwt.encode(payload, secret, algorithm=jwt_auth['JWT_ALGORITHM'])
 return token
diff --git a/lms/envs/aws.py b/lms/envs/aws.py
index ab291ed544..7b8b52e2ff 100644
--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
@@ -766,8 +766,6 @@ LTI_AGGREGATE_SCORE_PASSBACK_DELAY = ENV_TOKENS.get(
 CREDIT_HELP_LINK_URL = ENV_TOKENS.get('CREDIT_HELP_LINK_URL', CREDIT_HELP_LINK_URL)
 #### JWT configuration ####
-JWT_ISSUER = ENV_TOKENS.get('JWT_ISSUER', JWT_ISSUER)
-JWT_EXPIRATION = ENV_TOKENS.get('JWT_EXPIRATION', JWT_EXPIRATION)
 JWT_AUTH.update(ENV_TOKENS.get('JWT_AUTH', {}))
 PUBLIC_RSA_KEY = ENV_TOKENS.get('PUBLIC_RSA_KEY', PUBLIC_RSA_KEY)
 PRIVATE_RSA_KEY = ENV_TOKENS.get('PRIVATE_RSA_KEY', PRIVATE_RSA_KEY)
diff --git a/lms/envs/common.py b/lms/envs/common.py
index 2e8d159c14..b0f2470943 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -2141,6 +2141,8 @@ JWT_AUTH = {
 'JWT_PAYLOAD_GET_USERNAME_HANDLER': lambda d: d.get('username'),
 'JWT_LEEWAY': 1,
 'JWT_DECODE_HANDLER': 'edx_rest_framework_extensions.utils.jwt_decode_handler',
+ # Number of seconds before JWT tokens expire
+ 'JWT_EXPIRATION': 30,
 }
 # The footer URLs dictionary maps social footer names
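Review bot: In `_generate_jwt` (`lms/djangoapps/oauth_dispatch/views.py`), `helpers.get_value("JWT_AUTH", settings.JWT_AUTH)` lets a site/theme override supply the whole dict, and the following hunk then takes `JWT_SECRET_KEY` and `JWT_ALGORITHM` from it, so the token signing key and algorithm become site-configurable along with issuer and audience. If `get_value` returns the override as-is rather than merged with the default (its implementation is not in this diff), an override that sets only `JWT_ISSUER` raises `KeyError` on the other keys; the two `openedx/core/djangoapps/commerce/utils.py` hunks have the same exposure for `JWT_ISSUER` and `JWT_EXPIRATION`. Layering the override over the defaults avoids that: `jwt_auth = dict(settings.JWT_AUTH, **helpers.get_value("JWT_AUTH", {}))`. If per-site signing keys are intended, a comment saying so, plus a check that `jwt_auth['JWT_ALGORITHM']` is one the token consumers are configured to accept, would make the trust placed in site configuration explicit. The function body starts and ends outside these hunks.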
@@ -2793,9 +2795,6 @@ LTI_USER_EMAIL_DOMAIN = 'lti.example.com'
 # The time value is in seconds.
 LTI_AGGREGATE_SCORE_PASSBACK_DELAY = 15 * 60
-# Number of seconds before JWT tokens expire
-JWT_EXPIRATION = 30
-JWT_ISSUER = None
 # For help generating a key pair import and run `openedx.core.lib.rsa_key_utils.generate_rsa_key_pair()`
 PUBLIC_RSA_KEY = None
diff --git a/openedx/core/djangoapps/commerce/utils.py b/openedx/core/djangoapps/commerce/utils.py
index 929f186c95..081d2b6cb4 100644
--- a/openedx/core/djangoapps/commerce/utils.py
+++ b/openedx/core/djangoapps/commerce/utils.py
@@ -32,6 +32,7 @@ def is_commerce_service_configured():
 def ecommerce_api_client(user):
 """ Returns an E-Commerce API client setup with authentication for the specified user. """
+ jwt_auth = helpers.get_value("JWT_AUTH", settings.JWT_AUTH)
 return EdxRestApiClient(
 helpers.get_value("ECOMMERCE_API_URL", settings.ECOMMERCE_API_URL),
 helpers.get_value("ECOMMERCE_API_SIGNING_KEY", settings.ECOMMERCE_API_SIGNING_KEY),
@@ -39,6 +40,6 @@ def ecommerce_api_client(user):
 user.profile.name if hasattr(user, 'profile') else None,
 user.email,
 tracking_context=create_tracking_context(user),
- issuer=settings.JWT_ISSUER,
- expires_in=settings.JWT_EXPIRATION
+ issuer=jwt_auth['JWT_ISSUER'],
+ expires_in=jwt_auth['JWT_EXPIRATION']
 )
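Review bot: In `ecommerce_api_client` (`openedx/core/djangoapps/commerce/utils.py`), `issuer` and `expires_in` now come from `JWT_AUTH`, while the `lms/envs/aws.py` and `lms/envs/common.py` hunks stop reading the top-level `JWT_ISSUER` and `JWT_EXPIRATION`; a deployment that sets only those top-level values would, as far as this diff shows, silently start issuing ecommerce client tokens with the `JWT_AUTH` issuer and the 30-second default lifetime. Nothing in the new code signals the move, and an issuer mismatch tends to surface only as rejected tokens on the consuming service. A comment above the new `jwt_auth = ...` line would record it, e.g. `# JWT_ISSUER and JWT_EXPIRATION are read from JWT_AUTH (site-overridable); the old top-level settings are ignored.`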