diff --git a/src/Repository/Pdo/AccessTokenRepository.php b/src/Repository/Pdo/AccessTokenRepository.php
index cac3249..03aa739 100644
--- a/src/Repository/Pdo/AccessTokenRepository.php
+++ b/src/Repository/Pdo/AccessTokenRepository.php
@@ -12,6 +12,7 @@
 
 use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use Zend\Expressive\Authentication\OAuth2\Entity\AccessTokenEntity;
@@ -114,6 +115,9 @@ public function isAccessTokenRevoked($tokenId)
             return false;
         }
         $row = $sth->fetch();
+        if (! is_array($row)) {
+            throw OAuthServerException::invalidRefreshToken();
+        }
 
         return array_key_exists('revoked', $row) ? (bool) $row['revoked'] : false;
     }
diff --git a/test/Repository/Pdo/AccessTokenRepositoryTest.php b/test/Repository/Pdo/AccessTokenRepositoryTest.php
index 4bb48cc..85b61b9 100644
--- a/test/Repository/Pdo/AccessTokenRepositoryTest.php
+++ b/test/Repository/Pdo/AccessTokenRepositoryTest.php
@@ -15,6 +15,7 @@
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use League\OAuth2\Server\Entities\Traits\AccessTokenTrait;
+use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
 use PDOStatement;
 use PHPUnit\Framework\TestCase;
@@ -133,6 +134,21 @@ public function testIsAccessTokenRevokedReturnsTrueWhenRowRevokedFlagIsTrue()
         $this->assertTrue($this->repo->isAccessTokenRevoked('token_id'));
     }
 
+    public function testIsAcessTokenRevokedRaisesExceptionWhenTokenIdDontExists()
+    {
+        $statement = $this->prophesize(PDOStatement::class);
+        $statement->bindParam(':tokenId', 'token_id')->shouldBeCalled();
+        $statement->execute()->willReturn(true)->shouldBeCalled();
+        $statement->fetch()->willReturn(false)->shouldBeCalled();
+
+        $this->pdo
+            ->prepare(Argument::containingString('SELECT revoked FROM oauth_access_tokens'))
+            ->will([$statement, 'reveal']);
+
+        $this->expectException(OAuthServerException::class);
+        $this->repo->isAccessTokenRevoked('token_id');
+    }
+
     public function testRevokeAccessToken()
     {
         $statement = $this->prophesize(PDOStatement::class);