diff --git a/addons/dexie-cloud/src/authentication/authenticate.ts b/addons/dexie-cloud/src/authentication/authenticate.ts
index 5a7c87aa6..4a5057a63 100644
--- a/addons/dexie-cloud/src/authentication/authenticate.ts
+++ b/addons/dexie-cloud/src/authentication/authenticate.ts
@@ -23,7 +23,7 @@ export type FetchTokenCallback = (tokenParams: {
 
 export async function loadAccessToken(
   db: DexieCloudDB
-): Promise<string | undefined> {
+): Promise<UserLogin | null> {
   const currentUser = await db.getCurrentUser();
   const {
     accessToken,
@@ -32,10 +32,10 @@ export async function loadAccessToken(
     refreshTokenExpiration,
     claims,
   } = currentUser;
-  if (!accessToken) return;
+  if (!accessToken) return null;
   const expTime = accessTokenExpiration?.getTime() ?? Infinity;
   if (expTime > Date.now()) {
-    return accessToken;
+    return currentUser;
   }
   if (!refreshToken) {
     throw new Error(`Refresh token missing`);
@@ -51,8 +51,9 @@ export async function loadAccessToken(
   await db.table('$logins').update(claims.sub, {
     accessToken: refreshedLogin.accessToken,
     accessTokenExpiration: refreshedLogin.accessTokenExpiration,
+    license: refreshedLogin.license
   });
-  return refreshedLogin.accessToken;
+  return refreshedLogin;
 }
 
 export async function authenticate(
@@ -116,7 +117,10 @@ export async function refreshAccessToken(
   });
   if (res.status !== 200)
     throw new Error(`RefreshToken: Status ${res.status} from ${url}/token`);
-  const response: TokenFinalResponse = await res.json();
+  const response: TokenFinalResponse | TokenErrorResponse = await res.json();
+  if (response.type === 'error') {
+    throw new TokenErrorResponseError(response);
+  }
   login.accessToken = response.accessToken;
   login.accessTokenExpiration = response.accessTokenExpiration
     ? new Date(response.accessTokenExpiration)
@@ -124,7 +128,7 @@ export async function refreshAccessToken(
   login.claims = response.claims;
   login.license = {
     type: response.userType,
-    status: response.claims.license || 'ok'
+    status: response.claims.license || 'ok',
   }
   if (response.evalDaysLeft != null) {
     login.license.evalDaysLeft = response.evalDaysLeft;
diff --git a/addons/dexie-cloud/src/sync/syncWithServer.ts b/addons/dexie-cloud/src/sync/syncWithServer.ts
index 4303324c9..54d7976c0 100644
--- a/addons/dexie-cloud/src/sync/syncWithServer.ts
+++ b/addons/dexie-cloud/src/sync/syncWithServer.ts
@@ -32,7 +32,18 @@ export async function syncWithServer(
     Accept: 'application/json, application/x-bison, application/x-bison-stream',
     'Content-Type': 'application/tson'
   };
-  const accessToken = await loadAccessToken(db);
+  const updatedUser = await loadAccessToken(db);
+  if (updatedUser) {
+    if (updatedUser.license && updatedUser.license.status === 'expired') {
+      throw new Error(
+        `License has expired`
+      );
+    }
+    if (updatedUser.license && updatedUser.license.status === 'deactivated') {
+      throw new Error(`License deactivated`);
+    }
+  }
+  const accessToken = updatedUser?.accessToken;
   if (accessToken) {
     headers.Authorization = `Bearer ${accessToken}`;
   }