diff --git a/api/components/OAuth2/Grants/RefreshTokenGrant.php b/api/components/OAuth2/Grants/RefreshTokenGrant.php
index 53d7b12..648ef69 100644
--- a/api/components/OAuth2/Grants/RefreshTokenGrant.php
+++ b/api/components/OAuth2/Grants/RefreshTokenGrant.php
@@ -46,6 +46,11 @@ class RefreshTokenGrant extends BaseRefreshTokenGrant {
 return null;
 }
+ /**
+ * @param string $refreshToken
+ * @return array
+ * @throws OAuthServerException
+ */
 private function validateLegacyRefreshToken(string $refreshToken): array {
 $result = Yii::$app->redis->get("oauth:refresh:tokens:{$refreshToken}");
 if ($result === null) {
diff --git a/api/components/OAuth2/Repositories/RefreshTokenRepository.php b/api/components/OAuth2/Repositories/RefreshTokenRepository.php
index fc43c68..b1096ed 100644
--- a/api/components/OAuth2/Repositories/RefreshTokenRepository.php
+++ b/api/components/OAuth2/Repositories/RefreshTokenRepository.php
@@ -30,8 +30,7 @@ class RefreshTokenRepository implements RefreshTokenRepositoryInterface {
 }
 public function isRefreshTokenRevoked($tokenId): bool {
- // TODO: validate old refresh tokens
- return !OauthRefreshToken::find()->andWhere(['id' => $tokenId])->exists();
+ return OauthRefreshToken::find()->andWhere(['id' => $tokenId])->exists() === false;
 }
 }
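Review bot: The docblock added above `validateLegacyRefreshToken()` only restates the signature and leaves out what a caller needs: which keys the returned array carries and which condition raises `OAuthServerException`. Because this path takes a client-supplied token string and looks it up under the `oauth:refresh:tokens:` Redis key, a summary line such as `Looks up a legacy refresh token in Redis and returns its stored payload.` plus a qualified `@throws OAuthServerException when no entry exists for the token` would make the failure behaviour reviewable. The throw condition is inferred from the visible `if ($result === null)` check and the function body continues outside the hunk, so confirm it before wording the tag.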
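Review bot: With the TODO removed, nothing at `isRefreshTokenRevoked()` records that revocation is modelled as the absence of an `OauthRefreshToken` row, or where old-format tokens are handled now. That matters for a security decision: any id without a row is reported as revoked (fail closed), and legacy tokens kept in Redis would presumably never have a row here. I would add a comment such as `// Revoked means "no row for this id"; legacy Redis tokens are validated in RefreshTokenGrant, not here.` — the second half is inferred from the other file in this commit, so confirm it first. The switch from `!…exists()` to `…exists() === false` does not change behaviour.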