diff --git a/src/Laravel/Controllers/CallbackApiController.php b/src/Laravel/Controllers/CallbackApiController.php
index cbd1a2a..b0a040f 100644
--- a/src/Laravel/Controllers/CallbackApiController.php
+++ b/src/Laravel/Controllers/CallbackApiController.php
@@ -12,8 +12,7 @@ use Symfony\Component\HttpFoundation\Response;
 use AntiPatternInc\Saasus\Api\Client as ApiClient;
-use AntiPatternInc\Saasus\Sdk\Auth\Exception\GetAuthCredentialsNotFoundException;
-use AntiPatternInc\Saasus\Sdk\Auth\Exception\GetAuthCredentialsInternalServerErrorException;
+use Http\Client\Exception\HttpException;
 class CallbackApiController extends BaseController {
@@ -30,12 +29,33 @@ public function index(Request $request)
 $res = $authApi->getAuthCredentials([
 'code' => $request->code, 'auth-flow' => 'tempCodeAuth',
 ], $authApi::FETCH_RESPONSE);
- return json_decode($res->getBody(), true);
- } catch (GetAuthCredentialsNotFoundException | GetAuthCredentialsInternalServerErrorException $e) {
- if (get_class($e) == 'GetAuthCredentialsNotFoundException') {
- Log::info('Type: Not Found, Message: ' . $e->getError());
- return response()->json('credentials not found', Response::HTTP_NOT_FOUND);
+ $body = json_decode($res->getBody(), true);
+ if (empty($body['refresh_token'])) {
+ return response()->json($body, Response::HTTP_OK);
 }
+ $arr_cookie_options = array(
+ 'expires' => time() + 60 * 60 * 24 * 30,
+ 'path' => '/api/token/refresh',
+ 'secure' => true,
+ 'httponly' => true,
+ 'samesite' => 'None'
+ );
+ setcookie('saasus_refresh_token', $body['refresh_token'], $arr_cookie_options);
+ return response()->json($body, Response::HTTP_OK);
+ } catch (\Exception $e) {
+ if ($e instanceof HttpException) {
+ $statusCode = $e->getResponse()->getStatusCode();
+ $type = json_decode($e->getResponse()->getBody(), true)["type"];
+ $message = json_decode($e->getResponse()->getBody(), true)["message"];
+ if ($statusCode == Response::HTTP_NOT_FOUND) {
+ Log::info('Type: ' . $type . ', Message: ' . $message);
+ return response()->json(['type' => $type, 'message' => $message], Response::HTTP_NOT_FOUND);
+ }
+ Log::info('Type: ' . $type . ', Message: ' . $message);
+ return response()->json(['type' => $type, 'message' => $message], Response::HTTP_INTERNAL_SERVER_ERROR);
+ }
+ Log::info('Uncaught error: ' . $e);
+ return response()->json('Uncaught error', Response::HTTP_INTERNAL_SERVER_ERROR);
 }
 }
 }
diff --git a/src/Laravel/Controllers/CallbackController.php b/src/Laravel/Controllers/CallbackController.php
index bf76684..bc42bfd 100644
--- a/src/Laravel/Controllers/CallbackController.php
+++ b/src/Laravel/Controllers/CallbackController.php
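Review bot: The HttpException branch indexes the decoded error body as `json_decode($e->getResponse()->getBody(), true)["type"]` without checking that the decode produced an array, so a non-JSON upstream response (an HTML 502 from a proxy, an empty body) raises a null-offset warning and logs `Type: , Message: `; decode once and guard it, e.g. `$decoded = json_decode((string) $e->getResponse()->getBody(), true);` / `$type = is_array($decoded) ? ($decoded['type'] ?? 'unknown') : 'unknown';` / `$message = is_array($decoded) ? ($decoded['message'] ?? 'unknown') : 'unknown';`. The same three lines are repeated in the CallbackController, TokenRefreshApiController and Middleware/Auth.php hunks. `Log::info('Uncaught error: ' . $e)` also stringifies the whole exception, trace included, at info level for what is an unexpected failure, where `Log::error('Uncaught error', ['exception' => $e])` is the conventional form. On the success path the refresh-token cookie is emitted with a raw `setcookie()` and `'samesite' => 'None'`: the raw call bypasses Laravel's response cookie jar (the cookie will not be present on the returned response object, so tests cannot assert it), and `None` lets any cross-site request to /api/token/refresh carry the 30-day token, so unless the front end is served from a different site, `'samesite' => 'Lax'` attached via `->withCookie(cookie(...))` on the JSON response would be the safer, framework-native form. The start of index() lies before the hunk.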
@@ -10,8 +10,8 @@ use Illuminate\Support\Facades\Log;
 use AntiPatternInc\Saasus\Api\Client as ApiClient;
-use AntiPatternInc\Saasus\Sdk\Auth\Exception\GetAuthCredentialsNotFoundException;
-use AntiPatternInc\Saasus\Sdk\Auth\Exception\GetAuthCredentialsInternalServerErrorException;
+use Http\Client\Exception\HttpException;
+use Symfony\Component\HttpFoundation\Response;
 class CallbackController extends BaseController {
@@ -30,12 +30,19 @@ public function index(Request $request)
 'code' => $request->code, 'auth-flow' => 'tempCodeAuth',
 ]);
 $idToken = $res->getIdToken();
- } catch (GetAuthCredentialsNotFoundException | GetAuthCredentialsInternalServerErrorException $e) {
- if (get_class($e) == 'GetAuthCredentialsNotFoundException') {
- Log::info('Type: Not Found, Message: ' . $e->getError());
+ } catch (\Exception $e) {
+ if ($e instanceof HttpException) {
+ $statusCode = $e->getResponse()->getStatusCode();
+ $type = json_decode($e->getResponse()->getBody(), true)["type"];
+ $message = json_decode($e->getResponse()->getBody(), true)["message"];
+ if ($statusCode == Response::HTTP_NOT_FOUND) {
+ Log::info('Type: ' . $type . ', Message: ' . $message);
+ return redirect(getenv('SAASUS_LOGIN_URL'));
+ }
+ Log::info('Type: ' . $type . ', Message: ' . $message);
 return redirect(getenv('SAASUS_LOGIN_URL'));
 }
- Log::info('Type: Internal Server Error, Message: ' . $e->getError());
+ Log::info('Uncaught error: ' . $e);
 return redirect(getenv('SAASUS_LOGIN_URL'));
 }
 $arr_cookie_options = array(
diff --git a/src/Laravel/Controllers/TokenRefreshApiController.php b/src/Laravel/Controllers/TokenRefreshApiController.php
new file mode 100644
index 0000000..fee7514
--- /dev/null
+++ b/src/Laravel/Controllers/TokenRefreshApiController.php
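Review bot: In the `index` hunk, both arms of `if ($statusCode == Response::HTTP_NOT_FOUND)` log the identical line and then `return redirect(getenv('SAASUS_LOGIN_URL'))`, so the status comparison decides nothing; either collapse the block to a single `Log::info('Type: ' . $type . ', Message: ' . $message);` followed by `return redirect(getenv('SAASUS_LOGIN_URL'));`, or make the arms differ, for instance `Log::warning(...)` for the non-404 case, which is an upstream failure rather than an expired code. The `$e instanceof HttpException` test inside `catch (\Exception $e)` would read more directly as a separate `} catch (HttpException $e) {` clause placed before the generic one. index() continues past the end of the hunk.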
@@ -0,0 +1,55 @@
+cookie('saasus_refresh_token');
+ if (empty($refreshToken)) {
+ return response()->json('saasus_refresh_token cookie is required', Response::HTTP_BAD_REQUEST);
+ }
+ $client = new ApiClient();
+ $authApi = $client->getAuthClient();
+ try {
+ $res = $authApi->getAuthCredentials([
+ 'refresh-token' => $refreshToken, 'auth-flow' => 'refreshTokenAuth',
+ ], $authApi::FETCH_RESPONSE);
+ $body = json_decode($res->getBody(), true);
+ if (empty($body['id_token']) || empty($body['access_token'])) {
+ throw new Error('failed to get new credentials');
+ }
+ return response()->json($body, Response::HTTP_OK);
+ } catch (\Exception $e) {
+ if ($e instanceof HttpException) {
+ $statusCode = $e->getResponse()->getStatusCode();
+ $type = json_decode($e->getResponse()->getBody(), true)["type"];
+ $message = json_decode($e->getResponse()->getBody(), true)["message"];
+ if ($statusCode == Response::HTTP_NOT_FOUND) {
+ Log::info('Type: ' . $type . ', Message: ' . $message);
+ return response()->json(['type' => $type, 'message' => $message], Response::HTTP_NOT_FOUND);
+ }
+ Log::info('Type: ' . $type . ', Message: ' . $message);
+ return response()->json(['type' => $type, 'message' => $message], Response::HTTP_INTERNAL_SERVER_ERROR);
+ }
+ Log::info('Uncaught error: ' . $e);
+ return response()->json('Uncaught error', Response::HTTP_INTERNAL_SERVER_ERROR);
+ }
+ }
+}
diff --git a/src/Laravel/Middleware/Auth.php b/src/Laravel/Middleware/Auth.php
index 6cedfcd..ae4ec3e 100644
--- a/src/Laravel/Middleware/Auth.php
+++ b/src/Laravel/Middleware/Auth.php
@@ -5,9 +5,7 @@ use AntiPatternInc\Saasus\Api\Client as ApiClient;
 use Closure;
-use AntiPatternInc\Saasus\Sdk\Auth\Exception\GetUserInfoUnauthorizedException;
-use AntiPatternInc\Saasus\Sdk\Auth\Exception\GetUserInfoInternalServerErrorException;
-
+use Http\Client\Exception\HttpException;
 use Symfony\Component\HttpFoundation\Response;
 use Illuminate\Support\Facades\Log;
@@ -43,17 +41,24 @@ public function handle(Request $request, Closure $next)
 $authApiClient = $client->getAuthClient();
 try {
 $response = $authApiClient->getUserInfo(['token' => $token], $authApiClient::FETCH_RESPONSE);
- } catch (GetUserInfoUnauthorizedException | GetUserInfoInternalServerErrorException $e) {
- if (get_class($e) == "GetUserInfoUnauthorizedException") {
- Log::info('Type: Unauthorized, Message: ' . $e->getError());
- if (getenv('SAASUS_AUTH_MODE') == "api") {
- return response()->json('Invalid ID Token.', Response::HTTP_UNAUTHORIZED);
- } else {
- return redirect(getenv('SAASUS_LOGIN_URL'));
+ } catch (\Exception $e) {
+ if ($e instanceof HttpException) {
+ $statusCode = $e->getResponse()->getStatusCode();
+ $type = json_decode($e->getResponse()->getBody(), true)["type"];
+ $message = json_decode($e->getResponse()->getBody(), true)["message"];
+ if ($statusCode == Response::HTTP_UNAUTHORIZED) {
+ Log::info('Type: ' . $type . ', Message: ' . $message);
+ if (getenv('SAASUS_AUTH_MODE') == "api") {
+ return response()->json(['type' => $type, 'message' => $message], Response::HTTP_UNAUTHORIZED);
+ } else {
+ return redirect(getenv('SAASUS_LOGIN_URL'));
+ }
 }
+ Log::info('Type: ' . $type . ', Message: ' . $message);
+ return response()->json(['type' => $type, 'message' => $message], Response::HTTP_INTERNAL_SERVER_ERROR);
 }
- Log::info('Type: Intenal Server Error, Message: ' . $e->getError());
- return response()->json('Unexpected response: ' . $e->getError(), Response::HTTP_INTERNAL_SERVER_ERROR);
+ Log::info('Uncaught error: ' . $e);
+ return response()->json('Uncaught error', Response::HTTP_INTERNAL_SERVER_ERROR);
 }
 $userinfo = $response->getBody();