diff --git a/nuxt.config.ts b/nuxt.config.ts
index fd3273d..cfbb96d 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -65,16 +65,18 @@ export default defineNuxtConfig({
 auth: {
 baseURL: "/api/auth",
 provider: {
- type: "local",
+ type: "refresh",
 pages: {
 login: "/auth/login",
 },
 token: {
- signInResponseTokenPointer: "/token",
+ signInResponseTokenPointer: "/token/access",
 type: "Bearer",
 headerName: "Authorization",
 maxAgeInSeconds: 14 * 24 * 60 * 60,
- // sameSiteAttribute: ,
+ },
+ refreshToken: {
+ signInResponseRefreshTokenPointer: "/token/refresh",
 },
 // @ts-ignore
 sessionDataType: {} as IUser,
@@ -85,6 +87,10 @@ export default defineNuxtConfig({
 path: "/session",
 method: "get",
 },
+ refresh: {
+ path: "/refresh",
+ method: "post",
+ },
 },
 },
 globalAppMiddleware: false,
diff --git a/server/api/auth/refresh.post.ts b/server/api/auth/refresh.post.ts
new file mode 100644
index 0000000..30320e7
--- /dev/null
+++ b/server/api/auth/refresh.post.ts
@@ -0,0 +1,27 @@
+import jswt from "jsonwebtoken";
+import { IJwt } from "@server/types/authstuff";
+import { User } from "@models/user";
+import { log } from "@server/logger";
+const { verify } = jswt;
+export default eventHandler(async (ev) => {
+ const body = await readBody(ev);
+ const errMsg = createError({ statusCode: 403, message: "could not verify!" });
+ const { jwt } = useRuntimeConfig();
+ log.debug(JSON.stringify(body), { label: "WHAT???" });
+ if (!body.refreshToken) {
+ throw errMsg;
+ }
+ const decoded = verify(body.refreshToken, jwt) as IJwt | undefined;
+
+ if (!decoded) {
+ throw errMsg;
+ }
+ const user = await User.findById(decoded.id);
+ if (!user) throw errMsg;
+ return {
+ token: {
+ access: user.generateAccessToken(jwt),
+ refresh: user.generateRefreshToken(jwt),
+ },
+ };
+});
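Review bot: In the first nuxt.config.ts hunk, `token.maxAgeInSeconds` is still `14 * 24 * 60 * 60` after the switch to `type: "refresh"`, so the access token is kept client-side as long as before and the refresh flow narrows the exposure window very little. The new `refreshToken` block sets no lifetime of its own, so it falls back to the module default; stating it explicitly, e.g. `refreshToken: { signInResponseRefreshTokenPointer: "/token/refresh", maxAgeInSeconds: 14 * 24 * 60 * 60 },`, and shortening the access-token value would keep both lifetimes visible in one place. The real JWT expiry is decided in `generateAccessToken` / `generateRefreshToken`, which are outside this diff, so the two config values should be checked against what those methods issue.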
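Review bot: The `log.debug(JSON.stringify(body), { label: "WHAT???" })` line in server/api/auth/refresh.post.ts writes the caller's refresh token into the application log and should be removed before merge. `verify` from jsonwebtoken throws on a bad or expired token when called without a callback, so the `if (!decoded)` branch never fires and an invalid token surfaces as an unhandled error instead of the intended 403; the call needs a try/catch, and an empty POST body would also fail on `body.refreshToken` before reaching it. Both tokens are signed with the same `jwt` secret, so unless the payload carries a token-type claim that is checked here (IJwt is not visible in this diff), an access token would be accepted as a refresh token as well. Passing an explicit `algorithms` list to `verify`, matching whatever the `generate*Token` methods sign with, is worth adding at the same time.

```typescript
  const { jwt } = useRuntimeConfig();
  // body is not logged: it carries the refresh token
  if (typeof body?.refreshToken !== "string") {
    throw errMsg;
  }
  let decoded: IJwt;
  try {
    decoded = verify(body.refreshToken, jwt) as IJwt;
  } catch {
    // verify() throws on a bad signature or an expired token
    throw errMsg;
  }
  // … unchanged: user lookup and token response …
```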