diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index a65a85355..d4b649a58 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -250,7 +250,11 @@ public class ClientDetailsEntity implements ClientDetails {
 */
 @Transient
 public boolean isAllowRefresh() {
- return getAuthorizedGrantTypes().contains("refresh_token");
+ if (grantTypes != null) {
+ return getAuthorizedGrantTypes().contains("refresh_token");
+ } else {
+ return false; // if there are no grants, we can't be refreshing them, can we?
+ }
 }
 
 @Basic
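Review bot: The null guard in `isAllowRefresh()` tests the `grantTypes` field, but the dereference on the next line goes through `getAuthorizedGrantTypes()`, so the check only protects the call if the getter returns that same field unchanged. The getter is outside this hunk, so that is an assumption. Reading the value once and testing what is actually dereferenced removes the dependency: `Set<String> grants = getAuthorizedGrantTypes();` followed by `return grants != null && grants.contains("refresh_token");`. Returning false when no grant types are set is the right fail-closed default for a check that decides whether a client may obtain refresh tokens, and the inline comment would be clearer stating that intent, e.g. `// no grant types configured: refresh is not allowed`. The method's Javadoc begins above the hunk.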