diff --git a/classes/OAuth2RequestHandler.php b/classes/OAuth2RequestHandler.php
index c656d120194e79498da8bff092944e99bb2fd94c..1ce8a7cf5c6cd61f12a76028aebc5d4d1a726887 100644
--- a/classes/OAuth2RequestHandler.php
+++ b/classes/OAuth2RequestHandler.php
@@ -127,7 +127,8 @@ class OAuth2RequestHandler {
             throw new BadRequestException("refresh_token is required");
         }
 
-        $refreshToken = $this->locator->getRefreshTokenDAO()->getRefreshTokenData($params['refresh_token']);
+        $tokenHash = hash('sha256', $params['refresh_token']);
+        $refreshToken = $this->locator->getRefreshTokenDAO()->getRefreshTokenData($tokenHash);
 
         if ($refreshToken === null || $refreshToken->isExpired()) {
             throw new UnauthorizedException("Invalid refresh token");
@@ -136,22 +137,22 @@ class OAuth2RequestHandler {
         $scope = $this->getScope($params, $refreshToken);
 
         // Generating a new access token
-        $accessToken = new AccessTokenData();
-        $accessToken->token = base64_encode(bin2hex(openssl_random_pseudo_bytes(128)));
-        $accessToken->clientId = $refreshToken->clientId;
-        $accessToken->userId = $refreshToken->userId;
-        $accessToken->scope = $scope;
+        $accessTokenData = new AccessTokenData();
+        $accessTokenData->token = base64_encode(bin2hex(openssl_random_pseudo_bytes(128)));
+        $accessTokenData->clientId = $refreshToken->clientId;
+        $accessTokenData->userId = $refreshToken->userId;
+        $accessTokenData->scope = $scope;
 
-        $accessToken = $this->locator->getAccessTokenDAO()->createAccessToken($accessToken);
+        $accessTokenData = $this->locator->getAccessTokenDAO()->createTokenData($accessTokenData);
 
-        return $this->getAccessTokenResponse($accessToken);
+        return $this->getAccessTokenResponse($accessTokenData);
     }
 
     /**
      * We can request a new access token with a scope that is a subset (or the
      * same set) of the scope defined for the refresh token.
      */
-    private function getScope(array $params, RefreshToken $refreshToken): ?array {
+    private function getScope(array $params, RefreshTokenData $refreshToken): ?array {
 
         $scope = $refreshToken->scope;
 
@@ -174,7 +175,7 @@ class OAuth2RequestHandler {
 
             $scope = $newScopeValues;
         }
-            
+
         return $scope;
     }
 
diff --git a/classes/TokenBuilder.php b/classes/TokenBuilder.php
index 75c6a04e6b36892634ff127c225729389a8f9aa2..b6a53fab3a5232988bb4b99cb009804229edcf54 100644
--- a/classes/TokenBuilder.php
+++ b/classes/TokenBuilder.php
@@ -78,7 +78,6 @@ class TokenBuilder {
         $client = $this->locator->getOAuth2ClientDAO()->getOAuth2ClientByClientId($tokenData->clientId);
 
         $audiences = [$tokenData->clientId];
-        error_log(json_encode($client->scopeAudienceMap));
 
         foreach ($tokenData->scope as $scope) {
             if (array_key_exists($scope, $client->scopeAudienceMap)) {
diff --git a/classes/datalayer/mysql/MySQLRefreshTokenDAO.php b/classes/datalayer/mysql/MySQLRefreshTokenDAO.php
index a99864e98ea88f4466ff27a6732c7b42f8109d7d..28b5c2804a9b7cbdf4d092ed38d032774db5af39 100644
--- a/classes/datalayer/mysql/MySQLRefreshTokenDAO.php
+++ b/classes/datalayer/mysql/MySQLRefreshTokenDAO.php
@@ -43,7 +43,7 @@ class MySQLRefreshTokenDAO extends BaseMySQLDAO implements RefreshTokenDAO {
         $stmt = $dbh->prepare("SELECT user_id, client_id, creation_time, expiration_time, scope "
                 . " FROM refresh_token WHERE token_hash = :token_hash");
 
-        $stmt->bindParam(':token', $tokenHash);
+        $stmt->bindParam(':token_hash', $tokenHash);
 
         $stmt->execute();