diff --git a/changelog/unreleased/add-silentrefresh-middleware b/changelog/unreleased/add-silentrefresh-middleware
new file mode 100644
index 000000000..a7bf11377
--- /dev/null
+++ b/changelog/unreleased/add-silentrefresh-middleware
@@ -0,0 +1,6 @@
+Bugfix: allow silent refresh of access token
+
+Sets the `X-Frame-Options` header to `SAMEORIGIN` so the oidc client can refresh the token in an iframe.
+
+https://github.com/owncloud/ocis-konnectd/issues/69
+https://github.com/owncloud/ocis-phoenix/pull/69
diff --git a/pkg/middleware/silentrefresh.go b/pkg/middleware/silentrefresh.go
new file mode 100644
index 000000000..84fb50934
--- /dev/null
+++ b/pkg/middleware/silentrefresh.go
@@ -0,0 +1,13 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+// SilentRefresh allows the oidc client lib to silently refresh the token in an iframe
+func SilentRefresh(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("X-Frame-Options", "SAMEORIGIN")
+		next.ServeHTTP(w, r)
+	})
+}
diff --git a/pkg/server/http/server.go b/pkg/server/http/server.go
index 24d91d742..e92af475f 100644
--- a/pkg/server/http/server.go
+++ b/pkg/server/http/server.go
@@ -1,6 +1,7 @@
 package http
 
 import (
+	phoenixmid "github.com/owncloud/ocis-phoenix/pkg/middleware"
 	svc "github.com/owncloud/ocis-phoenix/pkg/service/v0"
 	"github.com/owncloud/ocis-phoenix/pkg/version"
 	"github.com/owncloud/ocis-pkg/v2/middleware"
@@ -30,6 +31,7 @@ func Server(opts ...Option) (http.Service, error) {
 			middleware.Cache,
 			middleware.Cors,
 			middleware.Secure,
+			phoenixmid.SilentRefresh,
 			middleware.Version(
 				"phoenix",
 				version.String,