diff --git a/src/OAuth2/RefreshTokenStorage.php b/src/OAuth2/RefreshTokenStorage.php new file mode 100644 index 0000000..4bd6182 --- /dev/null +++ b/src/OAuth2/RefreshTokenStorage.php @@ -0,0 +1,56 @@ += ?;'; + + $results = $this->db->fetch($sql, [$token, time()]); + + if (count($results) === 1) + { + return (new RefreshTokenEntity($this->server)) + ->setId($result[0]['refresh_token']) + ->setExpireTime($result[0]['expires_at']) + ->setAccessTokenId($result[0]['access_token_id']); + } + + return null; + } + + public function create($token, $expiration, $access_token) + { + $sql = 'SELECT id FROM oauth_access_tokens WHERE access_token = ?;'; + $results = $this->db->fetch($sql, [$access_token]); + $token_id = $results[0]['id']; + + $sql = 'INSERT INTO oauth_refresh_tokens' + . ' (refresh_token, access_token_id, expires_at, client_id)' + . ' VALUES' + . ' (?, ?, ?, ?);'; + + $this->db->execute($sql, [ + $token, + $token_id, + $expiration, + $this->server->getRequest()->request->get('client_id', null), + ]); + } + + public function delete(RefreshTokenEntity $token) + { + $sql = 'DELETE FROM oauth_refresh_tokens WHERE refresh_token = ?;'; + + $this->db->execute($sql, [$token->getId()]); + } +} + diff --git a/src/OAuth2/Resource.php b/src/OAuth2/Resource.php index 68a3a73..e34b9b8 100644 --- a/src/OAuth2/Resource.php +++ b/src/OAuth2/Resource.php @@ -4,6 +4,7 @@ namespace Pickles\OAuth2; use \League\OAuth2\Server\AuthorizationServer; use \League\OAuth2\Server\Grant\PasswordGrant; +use \League\OAuth2\Server\Grant\RefreshTokenGrant; use \Pickles\App\Models\User; use \Pickles\Config; @@ -27,6 +28,7 @@ class Resource extends \Pickles\Resource $server->setAccessTokenStorage(new AccessTokenStorage); $server->setClientStorage(new ClientStorage); $server->setScopeStorage(new ScopeStorage); + $server->setRefreshTokenStorage(new RefreshTokenStorage); switch ($_REQUEST['grant_type']) { 
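Review bot: `get()` fetches into `$results` but then reads `$result[0]` (no `s`) in all three setters, so a matching, unexpired row produces a RefreshTokenEntity whose id, expiry and access-token id are all null; the three lines should be `->setId($results[0]['refresh_token'])`, `->setExpireTime($results[0]['expires_at'])` and `->setAccessTokenId($results[0]['access_token_id'])`. In `create()`, `$results[0]['id']` is dereferenced without checking that the access-token lookup returned a row, so an unknown access token silently inserts a NULL `access_token_id`; guard with `if (count($results) !== 1) { return; }` (or throw) before the INSERT. `client_id` is copied straight from the raw request body rather than from the client the grant validated; it is presumably the same value, but deriving it from the access token's session would keep the stored row tied to what was actually verified. Both token strings are stored in clear text; storing a hash such as `hash('sha256', $token)` and looking up by that hash would limit what a database read exposes. The class header and the first lines of `get()`, including its SELECT, are not visible in this hunk.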
@@ -44,6 +46,8 @@ class Resource extends \Pickles\Resource case 'password': $grant = new PasswordGrant; + $grant->setAccessTokenTTL(3600); + // @todo ^^^ check config and use that value $grant->setVerifyCredentialsCallback(function ($username, $password) { @@ -66,6 +70,9 @@ class Resource extends \Pickles\Resource $server->addGrantType($grant); + $refreshTokenGrant = new RefreshTokenGrant; + $server->addGrantType($refreshTokenGrant); + $response = $server->issueAccessToken(); return $response;
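Review bot: The `3600` passed to `setAccessTokenTTL` is a bare magic number whose meaning is carried only by the `@todo` comment on the next line; `Config` is already imported at the top of this file, so the lookup could be done now with the literal as a fallback, or at minimum the value should be named, `$accessTokenTtl = 3600; // seconds; @todo read from config`, so the unit and intent survive once the todo is removed. The `case 'password':` branch continues past the end of this hunk.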
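Review bot: The RefreshTokenGrant is registered without any lifetime configured, so whatever default the library applies decides how long a leaked refresh token stays usable, while the access-token TTL above is set explicitly; add `$refreshTokenGrant->setRefreshTokenTTL($refreshTokenTtl);` next to the `new RefreshTokenGrant` line and source that value from the same configuration as the access-token TTL. Whether the old refresh token is revoked (via the storage's `delete()`) when a new one is issued is decided by the library, not by this hunk, so that behaviour should be confirmed and, if the library supports it, rotation enabled explicitly. For style, `new RefreshTokenGrant;` would be clearer as `new RefreshTokenGrant();` to match how the storage classes are constructed elsewhere in this file is not visible here, so take that as a suggestion only.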