diff --git a/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs b/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs
index 5ed57c9..79ad4cc 100755
--- a/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs
+++ b/src/Duende.AccessTokenManagement.OpenIdConnect/AuthenticationSessionUserTokenStore.cs
@@ -213,7 +213,7 @@ public Task ClearTokenAsync(
 ClaimsPrincipal user,
 UserTokenRequestParameters? parameters = null)
 {
- // todo
+ // don't bother here, since likely we're in the middle of signing out
 return Task.CompletedTask;
 }
diff --git a/src/Duende.AccessTokenManagement.OpenIdConnect/UserAccessTokenManagementService.cs b/src/Duende.AccessTokenManagement.OpenIdConnect/UserAccessTokenManagementService.cs
index 28991b5..fb70626 100755
--- a/src/Duende.AccessTokenManagement.OpenIdConnect/UserAccessTokenManagementService.cs
+++ b/src/Duende.AccessTokenManagement.OpenIdConnect/UserAccessTokenManagementService.cs
@@ -135,8 +135,10 @@ private async Task RefreshUserAccessTokenAsync(
 {
 var userToken = await _userAccessTokenStore.GetTokenAsync(user, parameters);
- // todo: should not happen - should we use better exception?
- ArgumentNullException.ThrowIfNull(userToken.RefreshToken);
+ if (String.IsNullOrWhiteSpace(userToken.RefreshToken))
+ {
+ throw new InvalidOperationException("No refresh token in store.");
+ }
 var refreshedToken = await _tokenEndpointService.RefreshAccessTokenAsync(userToken.RefreshToken, parameters, cancellationToken);
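Review bot: The new comment in `ClearTokenAsync` justifies the no-op with "likely", but nothing visible in the hunk guarantees the method is only reached during sign-out. If it is ever called on another path, the caller would believe the tokens were cleared while, as the class name suggests, they remain in the authentication session. I would state the contract instead of the guess, for example `// Intentionally a no-op: this store keeps tokens in the authentication session, so they are only removed when that session is signed out.`, and repeat it in the method's XML doc if it has one. The method's signature starts above the hunk.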
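Review bot: The `InvalidOperationException` added to `RefreshUserAccessTokenAsync` covers a state that looks reachable in normal operation (a session stored without a refresh token), yet nothing visible documents it or says how callers should react. I would add `/// <exception cref="InvalidOperationException">The store holds no refresh token for this user.</exception>` to the method and confirm that the caller, which is outside this hunk, treats it as "re-authentication required" rather than letting it surface as an unhandled error. The message rightly carries no token material. As a style point, `string.IsNullOrWhiteSpace` with the keyword alias is the more common spelling than `String.`. The method body continues past the end of the hunk.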