diff --git a/src/api/auth.js b/src/api/auth.js
index cd5fb21..dbcc079 100644
--- a/src/api/auth.js
+++ b/src/api/auth.js
@@ -34,8 +34,11 @@ export async function refreshTokenAndGetNew() {
   };
 
   const response = await axios.post(api, data, config);
-  const newAccessToken = response.data.access_token;
-  const newRefreshToken = response.data.refresh_token;
+  const newAccessToken = response.data?.access_token;
+  const newRefreshToken = response.data?.refresh_token;
+  if (!newAccessToken || !newRefreshToken) {
+    throw new Error("Invalid token response structure");
+  }
 
   setCookieWithoutExpiration("luciaToken", newAccessToken);
   // Expire in ~6 months