diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html b/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
index 99bf577c8..019238b66 100644
--- a/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
+++ b/openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html
@@ -264,6 +264,9 @@
+
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
index d74449ce3..3f618cccd 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
@@ -108,18 +108,28 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 client = generateClientId(client);
 }
- // if the client is flagged to allow for refresh tokens, make sure it's got the right granted scopes
- if (client.isAllowRefresh()) {
- client.getScope().add(SystemScopeService.OFFLINE_ACCESS);
- } else {
- client.getScope().remove(SystemScopeService.OFFLINE_ACCESS);
- }
+ // for refresh tokens, ensure consistency between grant types and tokens
+ ensureRefreshTokenConsistency(client);
 // timestamp this to right now
 client.setCreatedAt(new Date());
 // check the sector URI
+ checkSectorIdentifierUri(client);
+
+
+ // make sure a client doesn't get any special system scopes
+ client.setScope(scopeService.removeRestrictedScopes(client.getScope()));
+
+ ClientDetailsEntity c = clientRepository.saveClient(client);
+
+ statsService.resetCache();
+
+ return c;
+ }
+
+ private void checkSectorIdentifierUri(ClientDetailsEntity client) {
 if (!Strings.isNullOrEmpty(client.getSectorIdentifierUri())) {
 try {
 List redirects = sectorRedirects.get(client.getSectorIdentifierUri());
@@ -136,16 +146,13 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 throw new IllegalArgumentException("Unable to load sector identifier URI: " + client.getSectorIdentifierUri());
 }
 }
+ }
-
- // make sure a client doesn't get any special system scopes
- client.setScope(scopeService.removeRestrictedScopes(client.getScope()));
-
- ClientDetailsEntity c = clientRepository.saveClient(client);
-
- statsService.resetCache();
-
- return c;
+ private void ensureRefreshTokenConsistency(ClientDetailsEntity client) {
+ if (client.getAuthorizedGrantTypes().contains("refresh_token") || client.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) {
+ client.getScope().add(SystemScopeService.OFFLINE_ACCESS);
+ client.getAuthorizedGrantTypes().add("refresh_token");
+ }
 }
 /**
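Review bot: `ensureRefreshTokenConsistency(client)` runs before `client.setScope(scopeService.removeRestrictedScopes(client.getScope()))`, so in a deployment where `offline_access` is one of the restricted system scopes the scope is stripped a few lines later while the `refresh_token` grant type the helper just added survives into `saveClient` — the grant/scope mismatch this commit sets out to remove. Whether `offline_access` is restricted is not visible in this diff, but the saved state should not depend on that configuration. Re-checking once the filter has run closes the gap: `if (!client.getScope().contains(SystemScopeService.OFFLINE_ACCESS)) { client.getAuthorizedGrantTypes().remove("refresh_token"); }` placed directly after the `setScope(...)` line. The enclosing method starts above this hunk, and the update path in the later hunk appears to use the same ordering.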
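Review bot: In `ensureRefreshTokenConsistency` either half is now sufficient — a registration listing only the `offline_access` scope also receives the `refresh_token` grant type, and one listing only `refresh_token` gains `offline_access` — whereas the removed code keyed both on `client.isAllowRefresh()`; since grant types and scopes are client-supplied in dynamic registration, that widening deserves to be stated where the next maintainer will see it, along with the fact that the helper only ever adds and never removes either value. I would add above the helper `/** Makes the refresh_token grant type and the offline_access scope imply each other; only ever adds, never removes either. */` and above `checkSectorIdentifierUri` `/** Throws IllegalArgumentException if a registered redirect URI is not listed at the sector identifier URI, or that document cannot be loaded. */` (behaviour presumably unchanged from the moved code). The literal `"refresh_token"` now appears twice in the helper; a `private static final String` constant would keep it in one place.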
@@ -230,30 +237,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 }
 // if the client is flagged to allow for refresh tokens, make sure it's got the right scope
- if (newClient.isAllowRefresh()) {
- newClient.getScope().add(SystemScopeService.OFFLINE_ACCESS);
- } else {
- newClient.getScope().remove(SystemScopeService.OFFLINE_ACCESS);
- }
-
+ ensureRefreshTokenConsistency(newClient);
+
 // check the sector URI
- if (!Strings.isNullOrEmpty(newClient.getSectorIdentifierUri())) {
- try {
- List redirects = sectorRedirects.get(newClient.getSectorIdentifierUri());
-
- if (newClient.getRegisteredRedirectUri() != null) {
- for (String uri : newClient.getRegisteredRedirectUri()) {
- if (!redirects.contains(uri)) {
- throw new IllegalArgumentException("Requested Redirect URI " + uri + " is not listed at sector identifier " + redirects);
- }
- }
- }
- } catch (UncheckedExecutionException ue) {
- throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri());
- } catch (ExecutionException e) {
- throw new IllegalArgumentException("Unable to load sector identifier URI: " + newClient.getSectorIdentifierUri());
- }
- }
+ checkSectorIdentifierUri(newClient);
 // make sure a client doesn't get any special system scopes
 newClient.setScope(scopeService.removeRestrictedScopes(newClient.getScope()));