UsersManager.createAppSpecificTokenAuth not working as expected

I’m using the reporting API to create a token auth for a user with this function: UsersManager.createAppSpecificTokenAuth (userLogin, passwordConfirmation, description, expireDate = ‘’, expireHours = ‘0’)
My first assumption was that I can set an exact time with expireDate and expireHours, which indicates until when a token is valid. But this did not seem to be the case. So I assumed that you have to pass either expireDate or expireHours and that expireHours is a lifetime in hours. So I create a token which should be valid for 1 hour. But after more than 2 hours it is still valid. Therefore I would like to know from you, how exactly the function createAppSpecificTokenAuth works, so that I can generate a token, which is valid for only 1 hour?