diff --git a/classes/IdTokenBuilder.php b/classes/IdTokenBuilder.php
index e5eb200b5b58f28db6edf9df1967b12f25876318..18d3a16a08d1c088ad2bed13f5bd88dd95a7711d 100644
--- a/classes/IdTokenBuilder.php
+++ b/classes/IdTokenBuilder.php
@@ -28,8 +28,8 @@ class IdTokenBuilder {
 $payloadArr = array(
 'iss' => $this->locator->config->jwtIssuer,
 'sub' => $user->id,
- 'iat' => $accessToken->creationTime,
- 'exp' => $accessToken->expirationTime,
+ 'iat' => intval($accessToken->creationTime),
+ 'exp' => intval($accessToken->expirationTime),
 'name' => $user->getCompleteName(),
 'aud' => $accessToken->clientId
 );
diff --git a/classes/OAuth2RequestHandler.php b/classes/OAuth2RequestHandler.php
index 895752532af055fb221cd85289ef9edd7684fcca..4d4c1243db2e5a1bd1e64dea88bd90f5b6baf623 100644
--- a/classes/OAuth2RequestHandler.php
+++ b/classes/OAuth2RequestHandler.php
@@ -202,12 +202,17 @@ class OAuth2RequestHandler {
 public function handleCheckTokenRequest($token): array {
 $accessToken = $this->locator->getAccessTokenDAO()->getAccessToken($token);
+ if ($accessToken === null) {
+ throw new UnauthorizedException("Invalid access token");
+ }
+
 $user = $this->locator->getUserDAO()->findUserById($accessToken->userId);
 $result = [];
 $result['exp'] = $accessToken->expirationTime - time();
 $result['user_name'] = $user->id;
 $result['client_id'] = $accessToken->clientId;
+ $result['refresh_token'] = $this->getNewRefreshToken($accessToken);
 if ($accessToken->scope !== null) {
 $result['scope'] = $accessToken->scope;
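Review bot: The `intval()` casts on `iat` and `exp` carry no comment saying why they are needed, and `intval()` returns 0 for null or non-numeric input, so a malformed `expirationTime` would be emitted as `exp` 0 instead of failing token creation. I would add `// JWT NumericDate claims must be JSON numbers; the token fields are presumably strings from storage` above the two lines, and consider rejecting a non-numeric value before the payload is built. The enclosing method starts and ends outside the hunk.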
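Review bot: The added `$result['refresh_token'] = $this->getNewRefreshToken($accessToken);` in `handleCheckTokenRequest` hands a refresh token to any caller that presents an access token, and nothing visible in the hunk checks that the token is still valid first: `exp` is computed as `expirationTime - time()` and can be negative. Unless `getAccessToken()` or `getNewRefreshToken()` already rejects expired tokens (not visible here), an expired or leaked access token can be traded for a longer-lived credential. I would reject expired tokens before building the result, `if ($accessToken->expirationTime <= time()) { throw new UnauthorizedException("Invalid access token"); }`, and confirm that returning a refresh token from the check-token response is intended rather than only from the token endpoint. `$user` from `findUserById()` is also dereferenced as `$user->id` without a null check. The method body continues past the end of the hunk.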