diff --git a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
index 25250be..a7c78c8 100644
--- a/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
+++ b/src/main/java/org/gcube/portal/threadlocalexec/SmartGearsPortalValve.java
@@ -152,7 +152,27 @@ public class SmartGearsPortalValve extends ValveBase {
 _log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
 OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
 try {
- // TODO: handle the token expired case and renew it with refresh token.
+ if (authToken.isExpired()) {
+ if (_log.isDebugEnabled()) {
+ _log.debug("OIDC token is expired, refreshing it");
+ try {
+ authToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(),
+ authToken);
+
+ } catch (Exception e) {
+ _log.error("Refreshing OIDC token on server", e);
+ return;
+ }
+ if (_log.isDebugEnabled()) {
+ _log.debug("Setting refreshed OIDC token in cache proxy");
+ }
+ OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, umaToken);
+ if (_log.isDebugEnabled()) {
+ _log.debug("Setting refreshed OIDC token in session");
+ }
+ JWTTokenUtil.putOIDCInSession(authToken, session);
+ }
+ }
 umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(), authToken.getAsBearer(), urlEncodedScope, null);
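Review bot: The OIDC refresh only runs when debug logging is enabled, because the `if (_log.isDebugEnabled()) {` opened before `_log.debug("OIDC token is expired, refreshing it");` is not closed until after `JWTTokenUtil.putOIDCInSession(authToken, session);`. With debug off, the expired `authToken` is passed unchanged to `queryUMAToken`, so token handling depends on the log level. Close the guard right after that debug call (add a `}` there and drop one of the two trailing `}`). In the same block, `setOIDCToken(user, session, umaToken)` stores the UMA variable in the OIDC cache slot, and it looks like it should be `OIDCTokenCacheProxy.getInstance().setOIDCToken(user, session, authToken);`. The enclosing method starts and ends outside the hunk, so the value of `umaToken` at this point is not visible here.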
@@ -169,6 +189,27 @@ public class SmartGearsPortalValve extends ValveBase {
 }
 JWTTokenUtil.putUMAInSession(umaToken, session);
 }
+ } else {
+ if (umaToken.isExpired()) {
+ if (_log.isDebugEnabled()) {
+ _log.debug("UMA token is expired, refreshing it");
+ }
+ OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
+ try {
+ umaToken = OpenIdConnectRESTHelper.refreshToken(configuration.getTokenURL(), umaToken);
+ } catch (Exception e) {
+ _log.error("Refreshing UMA token on server", e);
+ return;
+ }
+ if (_log.isDebugEnabled()) {
+ _log.debug("Setting refreshed UMA token in cache proxy");
+ }
+ OIDCTokenCacheProxy.getInstance().setRPTToken(getCurrentUser(request), session, umaToken);
+ if (_log.isDebugEnabled()) {
+ _log.debug("Setting refreshed UMA token in session");
+ }
+ JWTTokenUtil.putUMAInSession(umaToken, session);
+ }
 }
 if (_log.isDebugEnabled()) {
 _log.debug("Setting UMA token in UMA JWT provider");
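Review bot: When the UMA refresh fails, the `catch (Exception e)` logs and does `return;`, leaving the expired token in the session and the cache proxy, so later requests on the same session would presumably hit the same failure. Consider dropping the stale token and falling back to requesting a fresh UMA token with the OIDC token, or forcing re-authentication, rather than returning. If this code sits in the valve's request-handling method (it starts outside the hunk), the bare `return;` also ends processing without handing the request to the next valve; confirm that is intended. The OIDC refresh `catch` in the first hunk has the same `return;`. A comment such as `// refresh token may itself be expired or revoked; do not reuse umaToken after this point` above the `catch` would record the failure case.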