diff --git a/changelog.d/11428.misc b/changelog.d/11428.misc
new file mode 100644
index 000000000..2f814fa5f
--- /dev/null
+++ b/changelog.d/11428.misc
@@ -0,0 +1 @@
+Add type annotations to some of the configuration surrounding refresh tokens.
\ No newline at end of file
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index 5e2154806..1ddad7cb7 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -11,6 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+from typing import Optional
 
 from synapse.api.constants import RoomCreationPreset
 from synapse.config._base import Config, ConfigError
@@ -123,12 +124,14 @@ class RegistrationConfig(Config):
             refreshable_access_token_lifetime = self.parse_duration(
                 refreshable_access_token_lifetime
             )
-        self.refreshable_access_token_lifetime = refreshable_access_token_lifetime
+        self.refreshable_access_token_lifetime: Optional[
+            int
+        ] = refreshable_access_token_lifetime
 
         refresh_token_lifetime = config.get("refresh_token_lifetime")
         if refresh_token_lifetime is not None:
             refresh_token_lifetime = self.parse_duration(refresh_token_lifetime)
-        self.refresh_token_lifetime = refresh_token_lifetime
+        self.refresh_token_lifetime: Optional[int] = refresh_token_lifetime
 
         # The fallback template used for authenticating using a registration token
         self.registration_token_template = self.read_template("registration_token.html")
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index 8136ae264..24ca11b92 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -813,6 +813,11 @@ class RegistrationHandler:
             access_token = self.macaroon_gen.generate_guest_access_token(user_id)
         else:
             if should_issue_refresh_token:
+                # A refreshable access token lifetime must be configured
+                # since we're told to issue a refresh token (the caller checks
+                # that this value is set before setting this flag).
+                assert self.refreshable_access_token_lifetime is not None
+
                 now_ms = self.clock.time_msec()
 
                 # Set the expiry time of the refreshable access token